Personal information is data that can be used to uniquely identify or contact a specific individual.
You may be asked to provide your personal information anytime you are in contact with us (like when you fill out our contact form or sign up for a newsletter). You are not required to provide the information we requested, but if you choose not to do so, in many cases this means we will not be able to provide you with our products or services or respond to your inquiries.
What personal information we collect
Here are examples of the types of personal information that we collect:
When you visit our website, connect to our services, contact us, use our software, create an account, or subscribe to your newsletter, we collect a variety of information, including your email address, device information, IP address, and a record of your communication. When using our software, we collect additional information such as crash reports, information about the operating system, application version, user language, and whether or not you're logged in to your account.
The personal information we collect allows us to keep you up to date on our latest product announcements, software updates, and services. You may at any time opt out of receiving such communications by contacting us. In particular, we only send you our newsletter with your prior consent, and you can opt out of receiving the newsletter anytime by clicking the unsubscribe link we include in each newsletter, or by contacting us. We also use the personal information we collect to help us create, develop, deliver, protect, and improve our products, services, content, and customer communications. We may use your personal information to send important notices, such as communications about changes to our terms, conditions, and policies. As this information is important to your interaction with Drew's Rainbows, you may not opt out of receiving these communications. We may also use personal information for internal purposes such as auditing, data analysis, and research to improve our products, services, and customer communications. Controller within the meaning of the data protection laws and service provider.
Collection and Use of Non-Personal Information
Non-personal information is data that cannot, on its own, be used to uniquely identify a specific individual. We may collect, use, transfer, and disclose non-personal information for any purpose. We may combine personal and non-personal information for certain purposes; this data will then be treated as personal information for as long as it remains combined. Conversely, aggregated information, i.e. data that might have originated from personal information, but that has been processed in such a way as to not allow personal identification, is treated as non-personal information.
Cookies and Other Technologies
Our website, services, apps, email communications and advertisements may use “cookies” and other technologies such as “pixel tags” and “click-through URLs”.
We use the information we collect in this manner to better understand our users’ interaction with our website and to optimize the user experience. You can disable cookies in your browser settings, but please note that certain features on our website may not be available as a result.
In our email communications, we may use other technologies like “pixel tags” and “click-through URLs” in order to determine if an email has been opened and which links have been clicked. We use this information to help us determine interest in particular topics and improve the effectiveness of our communications, and to reduce or eliminate messages sent to customers. Pixel tags are small images shown inside an HTML email; you can disable tracking by disabling HTML in your email client. A link with a click-through URL, when clicked, first sends the user to a web server which records the click, and then to the link’s destination. If you prefer not to be tracked in this way, you should not click text or graphic links in the email messages.
As you access our services, we gather some information automatically on our servers and store it in log files. This information includes your browser type, version, and language, your operating system, the referring and exit websites, IP address, a date/time stamp of the request, and the requested resource (file name and URL). We use this information in anonymized form for statistical analysis, to administer our site, and to improve our product and services, without directly associating this data with individual users.
Disclosure to Third Parties
We don’t share personal information with anyone outside of Drew's Rainbows, except for the few exceptions below.
We work together with other companies who provide information processing services. We only share personal information with these companies if you have agreed to the transfer, or if it is permitted by data protection law. The information we share is limited to the data necessary for the third parties to provide their services. We use these companies for the following services: hosting of our website and support portal, providing our help desk software, sending out newsletters, analyzing our website traffic, hosting our cloud services, manage our app beta testing, and processing our app crash reports. These companies are obligated to protect your information in accordance with data protection law and provide the necessary safeguards if they are outside of the United States, Canada or the EU. The companies are bound by our instructions, and are not allowed to use the shared data for any other purpose.
We also share personal information if disclosure of such information is reasonably necessary to satisfy any applicable law, regulation, legal process or enforceable governmental request; to enforce applicable Terms of Service, including investigation of potential violations thereof; to detect, prevent, or otherwise address fraud or security issues; and to protect against harm to the rights, property or safety of Drew's Rainbows, its users or the public as required or permitted by law.
If Drew's Rainbows is involved in a reorganization, merger, or sale, the information we collect may be transferred as part of that transaction.
Protection of Personal Information
We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, including appropriate encryption and physical security measures to guard against unauthorized access to systems where we store personal data.
Inside Drew's Rainbows, we restrict access to personal information to only those employees who need to know that information in order to deploy and maintain our services. These individuals are bound by confidentiality agreements and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
Whenever you connect to our CRM or marketing database service, we use encryption such as Transport Layer Security (TLS) for all information that is being transmitted. However, no method of transmitting or storing data is 100% secure, so we cannot guarantee the security of information you transmit to us.
Some parts of our website, such as our blog or forums, may allow you to post personal information, such as your name or email address. This information is publicly accessible and can be read, collected, and processed by anyone. So please take care when using these features.
Access to Personal Information
You are entitled to request information about the personal data stored by us, to have incorrect data corrected, or to request the freezing or deletion of your data. For example, you can request the deletion of our CRM or marketing database account and its associated email address and content by going into the settings in any of our applications. You are also entitled to the portability of your personal data. Further, you may object to the use of your data at any time with effect for the future.
There are, however, cases where we are not allowed to delete your data in its entirety as a result of legal retention periods. We may also decline requests if they risk the privacy of others, would be extremely impractical, or for which access is not required by law.
We do not knowingly collect personal information from children under 16, or equivalent minimum age in the relevant jurisdiction, unless their parent provided verifiable consent. If we learn that we have collected personal information from a child under 16, or the equivalent minimum age in the relevant jurisdiction, without consent of their parent, we will take steps to delete this information as soon as possible. Parents or guardians can contact us at firstname.lastname@example.org.
Third-Party Sites and Services