We are committed to giving you transparency of our privacy practices and control over your data in connection with Contribly's Services. Contribly collects and uses your personal data strictly within the legal limits of the data protection law in England and Wales. This Privacy Policy covers Contribly's treatment of personally identifiable information and other data that Contribly gathers when you are accessing Contribly's Services. The Services are not available to individuals who are younger than 16 years old.

This privacy policy has been updated in the light of the EU General Data Protection Regulation which came into effect in May 2018. Contribly is registered with the UK Information Commissioner’s Office in London, registration reference ZA174707

This policy informs you about:

• General aspects such as the data controller and general principles of the collection and use of your personal data by Contribly
• Personal data we collect and use when you visit our website
• What happens when end users use applications with content published through the Contribly Platform
• Your rights
• Changes to this policy

The Data Controller for the purpose of data protection law is Contribly Data Controller, 112-114 Witton Street, Northwich, Cheshire CW9 5NW. Please email any questions or concerns you may have regarding data privacy to: privacy@contribly.com

We may collect, store and use the following kinds of personal information:

(a) information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, and website navigation.

(b) Cookies

Contribly uses Google Analytics, a service provided by Google. This uses cookies. These are text files that are stored on your computer and permit an analysis of your use of the website. The information about your website use generated by the “Cookie” (including your truncated IP address) is transmitted to a server controlled by Google in the USA and is stored there. Google uses this information to analyse your use of the website, to generate reports about website activities for website operators and to provide further services related to website and internet use. Google may also share such information with third parties to the extent it is legally required to do so and/or to the extent third parties process data on behalf of Google. You may deactivate Google Analytics with the help of a browser add-on if you do not want this website analysis. This add-on can be downloaded at: http://tools.google.com/dlpage/gaoptout?hl=en

(c) As a Contribly client we hold your personal details for the purpose of providing the Contribly service you have purchased to you (access to the Contribly moderation tool, and the Contribly APIs) and for the purposes of formally contracting with your organisation, for billing and for providing ongoing training and support.

(d) When you request a ‘demo’ account we collect your name and email in order to set up a new account and provide the trial service

(e) when you join our mailing list by explicitly consenting via our website, we collect your name, company details and email. Contribly uses mailout services from SendInBlue for the purposes of providing the email communication to you. Your details are not shared with anyone else. You can request removal of your personal information by emailing us at privacy@contribly.com or using the ‘unsubscribe’ option.

We will not provide your personal information to any third parties for the purpose of direct marketing.

We use your personal information as follows: to provide you with the services that you request from us, for example, your demo account; or your Contribly service; to send you general (non-marketing) commercial communications, for example to notify you about changes to our products or services; to send statements and invoices to you, and collect payments from you; to carry out our obligations and enforce our rights arising from any contracts entered into between you and us; to send you email notifications which you have specifically requested.

When you sign up to receive our news and marketing information via our website we collect your name and email address, company details and telephone number. Your details are not shared with anyone else. You can request removal of your personal information by emailing us at privacy@contribly.com or using the ‘unsubscribe’ option.

Your personal details are not shared with third parties without your express consent except in the cases described below:

We may use contractually hired third parties and external service providers in order to provide our services, for instance regarding accounts processing (Xero, Dropbox, Google Apps), hosting or other software services (eg Fastly, Amazon Web Services). All client content is stored on AWS held within the EU and the UK.

In these cases we share information with such companies or individuals to enable them to carry out their tasks. Such external service providers are carefully selected in order to ensure your privacy. Service providers may only use the data for the purposes specified and are contractually and / or legally obliged to process data strictly in compliance with data privacy laws.

To comply with any court order, law or legal process, investigate fraud, including responding to any government or regulatory request, lawful requests by public authorities, or to meet national security or law enforcement requirements.

To enforce or apply our terms of service and other agreements, including for billing and collection purposes.

If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Contribly, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

When your contract terminates, your personal data will be deleted from our databases.

For demo accounts, your personal data will be deleted after three months, unless you specifically request that this period is extended and Contribly confirms this to you by email.

Specifically, the following happens when an account is deleted:

• All user contributions are removed Published assets hosted on cloud providers (ie. Amazon S3) are deleted by issuing delete API calls for each published file. Previously published assets may persist in CDN caches for up to serveral hours after deletion as caches expire.

Original submission media files are deleted from cloud storage by issuing delete API calls for each file. These original files are inaccessible and non recoverable to Contribly as soon as these delete calls complete.

The contributions are deleted from the Contribly database. These records are physically deleted from the database and its replicias (as opposed to being marked as non visible). As the Contribly database is a shared system processing a large volume of writes, deletes from the live databases cannot be recovered.

• User profiles are removed Each user profile attributed to your account is deleted from the Contribly database.

• Assignments and applications are removed Your assignments and applications are deleted from the Contribly database.

• Client access credentials are deleted Credentials used to access client systems (such as client API or social media access tokens) will be deleted from live systems. Clients should also revoke these credentials on their side.

• Backups are expired after 7 days Contribly retains encrypted off-site backups of the live system for 7 calendar days. After 7 days these all backup data relating to your account will have been deleted.

As a Contribly client, you are able to integrate the content that has been uploaded via the Contribly platform by your end users into your web and mobile applications. This happens through a Contribly application programming interface (API) that delivers content stored on Contribly’s servers into these web and mobile applications. The application programming interfaces (APIs) we provide are embedded in such applications and solely facilitate developers to request and work with content from Contribly’s servers. The APIs are not collecting any personal data of end users (e.g. tracking users on customer website or profile information). Contribly logs the originating IP address of an end user to avoid fraudulent use (e.g. denial of service attack).

The Contribly platform will potentially process personal data on behalf of you, the client, in order to provide the service to you. In this context, you are the data controller and Contribly is the data processor.

As Contribly does not have an EU office, in accordance with Article 27 of the GDPR, we have appointed Mr Ivan Blum as our EU Data Representative. Mr Blum can be contacted at ivanblum@contribly.com and at 4 Avenue Caroline, 92210, St Cloud, France

You are entitled, upon request, to disclosure regarding your personal data held by us. You are also entitled to have any incorrect data corrected and rights to blocking or deletion.

Please address any requests to privacy@contribly.com. We’ll acknowledge receipt and respond to your request within 30 days.

We may amend this privacy policy from time to time. All such changes will take effect once they have been posted on the site and you will be deemed to have accepted any such changes by your use of the site from time to time. Details of changes will be set out below.

Updated September 2023 to add details of Contribly's new EU Data Representative