What’s collected and why?

We collect and use the following information to provide, improve, and protect our Services:

Information You Provide:

• Account Information.

  You can browse our site without providing personal information, but you must register in order to access most of the features of Service. Depending on how you interact with the Service, we may ask for certain information such as your name (first name, last name), email address, a description of your purpose when using the Service (business or education), your industry if you are using the Service for business purposes, your role (teacher or student) and your school name and school district, if you’re using the Service for educational purposes. Depending on your Settings, some of this personal information may be displayed on your public profile and viewable to others on the Service. You can modify these Settings yourself in the Service. Student accounts and profile data are not public to people outside of the student’s organization. Please note that we process only your direct account information as data controller. We process your personal data collected via the Service and used for educational purposes decided and controlled by one of our organizational customers, in the role of data processor. Therefore, such personal data shall not be within the scope of this Privacy Policy.

• Optional Profile Information. After you setup your account, ThingLink members may also choose to provide additional information which may be shared with others on the Service or through your public profile, such as your name, email address, nickname or online alias, other ThingLink accounts you choose to follow, Immersive Images (as defined in the Content Information section below), websites, and other information relating to your User Content or your use of the Service. In connection with your use of the Service, we may also collect information created or provided by you, or that we otherwise receive, in connection therewith.

• Payment and Billing Information.

  We also collect credit card or payment information for paid subscriptions. This information will be securely stored with a third party specialized in the handling of such information, such as a credit card payment gateway or other payment vendors. ThingLink does not receive or process your payment card data.

• Content Information.

  Our Service is designed to make it simple for you to store your User Content, collaborate with others, and work across multiple devices to create unique, engaging visuals (“Immersive Images”). To make that possible, we store, process, and transmit your User Content as well as information related to it. This related information includes your profile information, which makes it easier to collaborate and share your User Content with others, as well as things like the size of the file, the time it was uploaded, collaborators, and usage activity. Our Service provides you with different options for sharing your User Content. You may provide us with information about you in draft and published User Content (such as for your Immersive Images). For example, if you create an Immersive Image that includes biographic information about you or someone else, we will have that information, and so will anyone with access to that Immersive Image if you choose to publish the Immersive Image publicly. We process the User Content as our customers’ service provider and in the role of data processor. This data is processed for purposes decided and controlled by one of our organizational customers. Therefore, such personal data shall not be within the scope of this Privacy Policy.

• Messages.

  If you correspond with us, you may also provide us personal information when you respond to surveys, communicate with our engineering or support teams about a question regarding the Service, or post a question about your User Content in our public forums.

• Telephone Information.

  If we call you, or you call us, to discuss our Service, we may collect personal information from you, including your name, company name, business address, phone number, job title, email address, whether you use the Service, information about your business needs, the number of users of our Service you require as well as other similar information you decide to share with us.

Information We Collect Automatically:

• Device Information. Like most online service providers, we collect information that web browsers, mobile devices, and servers typically make available, such as the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information. Your devices (depending on their settings) may also transmit approximate location information to the Services, based on the location of your IP address. We collect log information when you use our Service, for example, when you create or make changes to your Immersive Images.

• Usage Information. We collect information related to how you use the Service, including actions you take in your account (like sharing, editing, viewing, and moving files or folders). We use this information to improve our Service, develop new services and features, and protect ThingLink users.

• Location Information. We may determine the approximate location of your device from your IP address. We collect and use this information to, for example, calculate how many people visit our Service from certain geographic regions. We may also collect information about your precise location via our mobile apps (when, for example, you post a photograph with location information) if you allow us to do so through your mobile device operating system’s permissions. We do not track your location.

• Cookies and Similar Technologies. We use technologies like cookies and pixel tags to provide, improve, protect, and promote our Service. A cookie is a small text file containing a string of alphanumeric characters that may uniquely identify your browser that lets us help you log in faster and enhance your navigation through the Service. A cookie may also convey information to us about how you use the Service (e.g., the pages you view, the links you click, how frequently you access the Service, and other actions you take on the Service), and allow us to track your usage of the Service over time. You can set your browser to not accept cookies, but this may limit your ability to use the Service. Similarly, we may employ clear gifs (also known as web beacons) which are used to anonymously track your usage patterns on the Service, or place clear gifs in HTML-based emails we send you to track which emails are opened and which links you click. This information allows for more accurate reporting and improvement of the Service. For a detailed listing of what cookies we use and how we use them, please read our Cookie Policy.

• Stored Information: We may access information stored on your mobile device via our mobile app. We access this stored information through your device operating system’s permissions. For example, if you give us permission to access the photographs on your mobile device’s camera roll, our Service may access the photos stored on your device when you upload a photo to the Service to create an Immersive Image.

Information We Collect from Other Sources:

• Information We Receive from Social Networking Sites. We allow Users with certain third-party accounts (currently Users who have Google, Microsoft or Clever accounts) to authenticate on the Service using those third-party accounts. We also allow Users to share their immersive Images on third party services, such as social networking services provided by others, for example, Facebook. If you create or log into your account on the Service through another third-party service or if you connect your Immersive Image on a social media service (like Twitter), we will receive information from that service (such as your username and other basic profile information) via the authorization procedures used by that service. The information we receive depends on which services you authorize and any options that are available. You should always review, and if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our website or Service.

• Third Party Analytics Services. We may also receive information from third party services, such as HubSpot, to help us better understand you and how you use our Service. Information Collected by Third Parties:

  Third Party Analytics Services. As noted above, sometimes we receive information about you from third party analytics services. In order to gain useful insights, these analytics providers may set tracking technologies (like cookies) to collect information about your use of our Services and across other websites and online services. Please see our Cookie policy for more information.

• Third Party Embeds. Some of the content that you see displayed on the Service is not hosted by ThingLink. These “embeds” are hosted by a third-party and embedded in the Service. For example: YouTube or Vimeo videos, Imgur or Giphy gifs, SoundCloud audio files, Twitter tweets, GitHub code, or Scribd documents that appear on our website, or within an Immersive Image hosted on the Service. These files send data to the hosted site just as if you were visiting that site directly (for example, when you load a ThingLink webpage with a YouTube video embedded in it, YouTube receives data about your activity). ThingLink does not control what data third parties collect in cases like this, or what they will do with it. So, third-party embeds on the Service are not covered by this privacy policy. They are covered by the privacy policy of the third-party service.

• Information received through YouTube API Services. In certain cases, ThingLink uses YouTube API Services to help you create your content. If you are using YouTube content on our platform, you are agreeing to be bound by the YouTube Terms of Service and Google Privacy Policy. ThingLink does not receive user information from YouTube. The YouTube API Services are used to receive information about YouTube audiovisual content, such as width, height, title, duration, description and other parameters.

Purposes for Collecting this Information:

We use information about you as mentioned above and for the purposes listed below:

• To provide you the Service, including for example, hosting your Immersive Images and billing you for the Service;

• To maintain, monitor, and improve the Service by adding new features, sharing new use cases, or making the Service easier to use;

• To monitor and analyze trends and better understand how you interact with our Service;

• For our own internal benchmarking, for example, to measure, and gauge the effectiveness of the Service, our advertising of the Service, and to better understand user retention and attrition – for example, we may analyze how many individuals purchased a plan after receiving a marketing message or the features used by those who continue to use our Service after a certain length of time;

• To prevent problems with our Service, protect the security of our Service, detect fraudulent transactions and other illegal activities, fight spam, and protect the rights and property of ThingLink and others, which may result in us declining a transaction or the use of our Service;

• To personalize your experience using our Service, remember your preferences on the Service so that you will not have to re-enter it during your visit or the next time you use the Service, target our marketing messages to groups of our Users (for example, those who have a particular plan with us or have been our user for a certain length of time), to serve relevant product marketing. For the purposes of this Privacy Policy, product marketing means product notifications, updates and examples of use or community messages. When we process personal data for the purposes of targeting product marketing, we use user groups, and marketing materials are altered depending on the account type. We do not use personal data of students for the purposes of targeted marketing or advertisements; and

• To communicate with you, for example through an email, about offers and promotions offered by ThingLink and others we think will be of interest to you, solicit your feedback, or keep you up to date on what we’re up to and our products. We give users the option to use some of our Services free of charge. These free Services are made possible by the fact that some users upgrade to one of our paid Services. If you register for our free Services, we will, from time to time, send you information about upgrades when permissible. For further information on your choices regarding your choices with regard to the use of your information for marketing purposes, see "Your Choices Regarding Your Information" below.

Legal basis for collecting and using information

• We collect and use the personal data described above based on the following grounds:
• The use is necessary in order to fulfill our commitments to you under our Terms of Use or other agreements with you or is necessary to administer your account, for example, in order to enable access to our Service on your device or charge you for a paid subscription; or
• Processing of personal data is necessary for compliance with a legal obligation; or
• We have a legitimate interest in using your information, for example, to run, maintain, develop and promote our business, to provide and update our Service, to improve our Service so that we can offer you an even better user experience, to safeguard our Service, to communicate with you, to measure, gauge, and improve the effectiveness of our advertising, and better understand user retention and attrition, to monitor and prevent any problems with our Service, and to personalize your experience. We may also process personal data for our legitimate interest to create and maintain customer and other business relationships and whilst fulfilling our contractual obligations towards our organizational customers; or
• You have given us your consent, for example before we place certain cookies on your device and access and analyze them later on, as described in our Cookie Policy.

When choosing to use your data on the basis of our legitimate interests, we weigh our own interests against your right to privacy and e.g. provide you with easy to use opt-out from our marketing communications and use pseudonymized or non-personally identifiable data when possible.

Disclosure of information to third parties (categories of recipients)

We won’t transfer information about you to third parties for the purpose of providing or facilitating third-party advertising to you. We won’t sell information about you either. We may share your personal information in the limited instances described below. For further information on your choices regarding your information, see "Your Choices Regarding Your Information."

• Others Working For or With ThingLink.

  We may share information about you with third party vendors who need to know information about you in order to provide their services to us, or to provide their services to you. This group includes vendors that help us provide our Services to you (like payment providers that process your credit and debit card information, fraud prevention services that allow us to analyze fraudulent payment transactions, postal and email delivery services that help us stay in touch with you, customer chat and email support services that help us communicate with you, those that assist us with our marketing efforts (e.g. by providing tools for identifying a specific marketing target group or improving our marketing campaigns), those that help us understand and enhance our Services (like analytics providers), and those that help us deliver our Service (like hosting and content delivery providers). These vendors process personal data as our data processors on our behalf. We require vendors to agree to privacy commitments in order to share information with them. When your personal data is processed by third parties as data processors on behalf of ThingLink, ThingLink has taken the appropriate contractual and organizational measures to ensure that your data are processed exclusively for the purposes specified in this Privacy Statement, and in accordance with applicable laws and regulations. Other vendors are listed in our more specific policies (e.g. our Cookie Policy).

• Other Users.

  Our Services display information like your name, profile picture, and profile description to other users in places like your user profile and sharing notifications. For our student users, this profile data is displayed only to users belonging to the same organization. You can also share Your Immersive Images with other users if you choose. When you register your ThingLink account with an email address on a domain owned by your employer, educational institution, or organization, we may help collaborators and administrators find you and your team by making some of your basic information, like your name, team name, profile picture, and email address, visible to other users on the same domain. This helps you sync up with teams you can join and helps other users share files and folders with you.

• Account Administrators.

  If your use of the Service is pursuant to an Agreement entered into by your employer, education institution, or other organization to which you belong, (e.g., ThingLink Business plans or ThingLink Education), your administrator may have the ability to access and control your ThingLink team account. Please refer to your organization’s internal policies if you have questions about this.

• Third Parties at Your Request.

  Certain features let you make additional information available to the public. You may have the option to share your ThingLink activities with your friends, or through email, SMS text, or various social media sites or on your blog or website. Public information may also be indexed by search engines or used by third parties. Please keep all of this in mind when deciding what you would like to share.

• Other Applications.

  You can also give third-party providers access to your information and account, for example, via ThingLink APIs. Please remember that their use of your information will be governed by their privacy policies and terms.

• Company Transactions.

  Other parties in connection with any company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by another company or third party or in the event of bankruptcy or related or similar proceedings. Your information, including user names and email addresses, User Content, and other user information may be among the items sold or otherwise transferred in these types of transactions. In this case, we will continue to ensure the confidentiality of all personal data. We will give notice to all the Users concerned when the personal data are transferred or become subject to a different privacy statement, as soon as reasonably possible; and

• Law & Order and the Public Interest.

  Third parties as required to (a) satisfy any applicable law, regulation, subpoena/court order, legal process or other government request, (b) enforce our Terms of Use Agreement, including the investigation of potential violations thereof, (c) investigate and defend ourselves against any third party claims or allegations, (d) protect against harm to the rights, property or safety of ThingLink, its users or the public as required or permitted by law and (e) detect, prevent or otherwise address criminal (including fraud or stalking), security or technical issues.

• Aggregated and De-Identified Information.

  We may share information that has been aggregated or de-identified. In this case, the personal data is permanently anonymized so that no personally identifiable data is shared. For instance, we may publish aggregate statistics about the use of our Service.

Your choices and rights regarding your information

• Account Data (Right to Access).

  ThingLink does not verify the accuracy of the personal data you provide. All ThingLink profiles are typically made available to the public, however you may elect to make your content private. If you make all of the content on your profile private, then a your profile will not appear in a directory search of the Service, but a user may still be able to access your profile if they know the uniform resource locator (URL) address for your profile. For our student users, this profile data is displayed only to users belonging to the same organization. You can edit and change your profile and account data through the Settings of your account. You have the right to inspect the personal data we have stored about you in the ThingLink User Register either via the Service (if we, in our sole discretion, offer such functionality) or by requesting it in writing from ThingLink. You have the right to access and be informed about your personal data processed by us. You may contact us and request a copy of your personal data. You can also choose not to provide the optional account information, profile information, and transaction and billing information. Please keep in mind that if you do not provide this information, certain features of our Services, for example, paid, premium Services, may not be accessible.

• Limit Access to Information On Your Mobile Device.

  Your mobile device operating system should provide you with the ability to discontinue our ability to collect stored information or location information via our mobile apps. If you do so, you may not be able to use certain features (like adding a location to a photograph, for example).

• Access to Data Controlled by Our Users.

  ThingLink has no direct relationship with the end users (usually students or employees) of our Users, whose personal information is contained within the personal data processed by our Services. An individual who seeks access, or who seeks to correct, amend, or delete personal information provided by our Users should direct their request to the specific User. You may also contact us at info@ThingLink.com if you have additional questions or concerns.

• Marketing Communications.

  We or a third party will obtain your consent before sending you electronic direct marketing. If you do not wish to receive promotional emails, you can click the "unsubscribe" button on promotional email communications. If you opt out of promotional messages, we may still send you other messages, like those about your account and legal notices. We sometimes contact people who do not have a ThingLink account, for example if you subscribe to our newsletter or marketing list or request more information about our Service.

• Close Your Account (Right to erasure).

  Of course, while it’s hard to say goodbye, we understand that sometimes you just need to move on. You can delete your information from within your account or close your account. To close your account, please contact us, and keep in mind that we may continue to retain your information after closing your account, as described in How Store Your Information below, for example, when that information is reasonably needed to comply with (or demonstrate our compliance with) legal obligations such as law enforcement requests, or reasonably needed for our legitimate business interests. We’ll use all commercially reasonable efforts to delete or anonymize your User Content upon request, but please be aware that due to the social nature of our Service, it may not be possible to completely remove all of your personally identifiable User Content if, for example, that content has been stored, republished, or reposted by another user or a third party.

• Take Your Data (Data Portability).

  You can download a copy of your content in a machine-readable format as through the settings feature of your account. You can also ask us for a copy of personal data you provided to us.

• Consents (Right to withdraw a consent).

  In case the processing is based on a consent granted by the User, the User may withdraw the consent at any time. Withdrawing a consent may lead to fewer possibilities to use the Services. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

• How to use your rights.

  The abovementioned rights may be used either directly in the Service (as described above) or by sending a letter or an e-mail to us on the addresses set out above, including the following information: the full name, e-mail address and a phone number. We may request the provision of additional information necessary to confirm the identity of the User. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.

How we process your information

• Security.

  ThingLink cares about the security of your information and uses commercially reasonable physical, administrative, and technological safeguards to preserve the integrity and security of all information we collect and that we share with our service providers. Personal data and backups are stored in protected databases located behind a firewall and with both physical and software-based access controls. However, no security system is impenetrable, and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.

• Retention and Storage Period.

  We do not store your personal data longer than is legally permitted and necessary for the purposes of this Privacy Policy. The storage period depends on the nature of the information and on the purposes of processing. The maximum period may therefore vary per use. When you sign up for an account with us, we’ll retain information you store on our Services for as long as your account is in existence or as long as we need it to provide you the Services. If you delete your account, we will initiate deletion of this information within 30 days of your request. But please note: (1) there might be some latency in deleting this information from our servers and backup storage; and (2) we may retain this information if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.

Important notice

This Privacy Policy does not govern the collection, use, or disclosure of personal information through the Service by the educational institution or organization which has given you (or your child) access to the Service. Please contact this organization to better understand its privacy practices.

Processing of data regarding children

In some instances, children may use the Service and personal data of children may be collected to the Service. We take many special precautions to protect the privacy of children under 13. Children may only access the Services at the direction of their teacher or school district when their teacher or school has subscribed to the Service and enabled the option for their students to join the Service. In this case, the school or another institute shall be a data controller and shall be responsible for the processing of personal data, including the collection of parental consents when necessary. Please see our Kid's Privacy Policy to learn more about how we protect the privacy of our users who are under 13 years of age.

Transferring your data

Because the Services are offered worldwide, the information about you that we process when you use the Services in the EU may be used, stored, and/or accessed by individuals operating outside the European Economic Area (EEA) who work for us, other members of our group of companies, or third party data processors. This is required for the purposes listed in the What We Collect and Why section above. When providing information about you to entities outside the EEA, we will take appropriate measures to ensure that the recipient protects your personal information adequately in accordance with this Privacy Policy as required by applicable law. These measures include, in the case of entities based in other countries outside the EEA, entering into European Commission approved standard contractual arrangements with them, unless ThingLink has adopted an alternative method other than the Standard Contract Clauses, that ensures an adequate level of protection of personal data in a third country.

You can ask us for more information about the steps we take to protect your personal information when transferring it from the EU by contacting us by using the contact details set out in this Privacy Policy.

Updates to this privacy policy

We reserve the right to modify this Policy from time to time. If we make any changes to this Privacy Policy, we will change the "Last Updated" date at the top of this page and will post the updated Privacy Policy on this page.

Contact and lodging a complaint

Have questions or concerns about ThingLink, our Services, and privacy? Contact us at info@ThingLink.com.

In case the User considers our processing of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged with the local supervisory authority for data protection.

COPPA compliance

Some users of the Service may include young children. We take many special precautions to protect the privacy of children under 13. The Children’s Online Privacy Protection Act (COPPA) protects children under the age of 16. Children may only access the Services at the direction of their teacher or school district by using an invitation code provided to them by their teacher or educational institution. School officials and teachers are authorized under COPPA to provide consent on behalf of parents; therefore, ThingLink does not obtain parental consent directly from parents of children who are using the Service. A teacher or school district official provides consent for a child under the age of 13 to use the Service when they create an account on the Service for that child. Please see the ‘ThingLink’s Kid’s Privacy Policy’ above to learn more about how we protect the privacy of our users who are under 13 years of age.

FERPA compliance

The Family Educational Rights and Privacy Act (FERPA) provides parameters for what is permissible when sharing student information. ThingLink is authorized by schools and districts under the FERPA “school official” exception to receive and use educational data to provide educational services. This data has significant educational value; apart from enabling the creation of accounts with which students access the Service, the data allows teachers to track student activity and assess student performance. This information is used only for academic purposes. We do not collect data for collection’s sake, and access is limited and appropriate. For specific information regarding our data handling practices with regard to student data, please refer to our ‘Kid’s Privacy Policy’ above.