- Notice to End Users
- Data We Collect and Receive
3.1 Client Data
Clients and Authorized Users routinely submit Client Data to VueLab when using the Services. Client Data is governed by the Client Agreement. Client Data may include Account Information, Hosted Data, Sync Data, or any Client Data otherwise defined in the Client Agreement. If you have any questions about your Personal Data with respect to Client Data, please contact the Client with whom you have a direct relationship and whose Workspace you use.
- Account Information. To create or update an Authorized User account for the Services, you or your Client (e.g. your employer) provide us with data about you and your employment, such as:
- Employee ID
- Email Address
- IP Address
- Performance Management Data (unstructured)
- Preferred Name
- Date of Birth
- Photo URL
- Employment Status (e.g., Active/Inactive)
- Employment Type (e.g., Full-Time, Part-Time, Contract)
- Job Title
- Job Location
- Hire Date
- Termination Date
- Division Name
- Department Name
- any other applicable Personal Data that may identify you individually
- Hosted Data. When a Client uses, or Authorized User interacts with, the Services, we may collect, process, and store any data that is created, posted, uploaded, stored, displayed, transmitted, or submitted on or through the Services (collectively, “Hosted Data”), as a function of rendering the Services. Hosted Data may contain Personal Data to the extent a Client or Authorized User discloses Personal Data on or through the Services. VueLab is a passive recipient and takes no active part in collecting or storing Hosted Data. Except to the extent necessary to render the Services or related support for the Services, VueLab does not purposefully access any Hosted Data. For example, if you submit a review of another Authorized User, the Services passively processes and stores such performance review for the purpose of rendering the Services, and we will only access such information to the extent necessary to provide the Services and related support for the Services.
3.2 Other Information
VueLab may collect Other Information from Clients and Authorized Users related to their usage of the Services and interactions with VueLab. Other Information may include Metadata, Log Data, Technical Data, Cookie Data, Third Party Services, and Additional Information Provided to VueLab. If you have any questions about your Personal Data with respect to Other Information, please contact VueLab at [email protected].
- Metadata. When an Authorized User interacts with the Services, metadata is generated that provides additional context about the Services and the way Authorized Users use the Services (“Metadata”). VueLab collects aggregated Metadata of the Services, so that the resulting data and statistics are not personally identifiable to any individual Authorized User.
- Log Data. Like most websites and web-based technology services, our servers automatically collect data when you access or use our Websites or the Services and record it in log files (“Log Data”). The Log Data may include your Internet Protocol (IP) address, Internet service provider (ISP), browser type and settings, information about browser plugins, language preference, default email application, referring/exit websites, operating system, date and time stamp, cookie data, and certain user activities.
- Technical Data. VueLab collects technical data, such as information about devices accessing the Services, including the type of device, device settings, operating system, application software, peripherals, and unique device identifiers (“Technical Data”). VueLab does not collect Personal Data with any Technical Data or relate any Technical Data to any individual Authorized User.
- Third Party Services. Clients may choose to permit or restrict integrations with Third Party Services for their Workspace. Once enabled, the enabled Third Party Services may share certain data with VueLab to effectuate the integration. You should check the privacy settings and notices of these Third Party Services to understand what data may be disclosed to VueLab.
- Additional Information Provided to VueLab. VueLab receives data when submitted to our Websites or through our Services, or if you contact us (e.g., by email, telephone calls, written correspondence, web based forms, or otherwise), request support, apply for or take a job with us, contract with us, interact with our social media accounts, or otherwise communicate with VueLab.
3.3 No Sensitive Personal Data
VueLab does not intentionally collect, process, or store, and we request that you do not post, upload, store, display, transmit, or submit Sensitive Personal Data on or through the Services or in Client Data. “Sensitive Personal Data” includes, but is not limited to, government-issued identification numbers; financial account numbers; credit or debit card numbers; consumer reports; background checks; any code or password that could be used to gain access to personal accounts; genetic data or biometric data; any Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; or data concerning health or sex life or sexual orientation. VueLab is not responsible and will not be liable for any loss or damages you or another individual may experience due to your disclosure of Sensitive Personal Data while using the Services.
3.4 No Children’s Data
VueLab’s business activities are directed to other businesses and the Services are intended for use only by those who are 18 years of age and over. The Services are not directed to or intended for children, and VueLab does not intentionally collect, process, or store any Personal Data from any person under 13 years of age. In the event we discover we have inadvertently collected, processed, or stored any Personal Data from a person under 13 years of age, we will promptly take the appropriate steps to delete such data or seek the necessary verifiable parental consent for that collection in compliance with the Children’s Online Privacy Protection Act (“COPPA”).
- How and Why We Use Data
Client Data will be used by VueLab in accordance with Client’s instructions, including any applicable terms in the Client Agreement and Client’s use of Services functionality, and as required by applicable law. Client may, for example, use the Services to grant and remove access to a Workspace, create Authorized Users accounts, assign roles and configure settings, access, modify, share, restrict, export, and remove Client Data and otherwise apply its own policies to the Services.
Other Information will be used by VueLab to operate our business and provide the Websites and render the Services with a lawful basis for processing, such as with your express consent for a specific purpose, to perform our contractual obligations, to comply with legal obligations, or otherwise in furtherance of our legitimate interests. Specifically, VueLab may use Other Information for these purposes and legal bases:
- Providing the Websites and Services. To provide the Websites and render the Services under a Client Agreement, manage Authorized Users requests interacting with the Services (e.g. login and authentication, remembering settings, etc.), hosting and back-end infrastructure, analyze and monitor usage, monitor and address service performance, security, and technical issues.
- Improving the Websites and Services. To improve and optimize the Websites and Services, such as to test and validate features, drive product roadmap and design decisions, and improve quality of data, analytics, and text processing.
- Support Services. To respond to support requests via live chat, phone, or email and otherwise provide support for and resolve problems with the Services.
- Communications. To send technical, administrative, and marketing emails, messages, and other communications. Services-related technical and administrative communications and important Services-related notices, such as maintenance and security announcements, are essential to delivery of the Services and you cannot opt-out. Marketing communications about new product features, service offerings, and other news about VueLab are optional, you have the choice whether or not to receive them, and you may opt-out at any time.
- Account Management. To contact for billing, account management, feedback, and other administrative matters.
- Security Purposes. To help prevent and investigate security issues and abuse.
- Legal Obligations. To comply with legal obligations as required by applicable laws, legal process, or regulations.
- How We Share and Disclose Data
- Client’s Instructions. VueLab will share and disclose Client Data in accordance with a Client’s instructions, including any applicable terms in the Client Agreement and Client’s use of the Services functionality, and as required by applicable law. Pursuant to the Client Agreement, Client Data is generally treated as the confidential information of Client unless stated otherwise.
- Client Access. Administrators, Authorized Users, and other Client representatives and personnel may be able to access, modify, or restrict access to your data. For example, your Client (e.g., your employer) may use the Services administrative controls and features to access or modify your account details or view certain activities in their Workspace.
- Displaying the Services. When an Authorized User submits data on the Services, it may be displayed to the Client and other Authorized Users in the same Workspace. For example, an Authorized User’s name, job title, and work email address, among other things, may be displayed with their profile accessible to the Client and other Authorized Users in the same Workspace. While in some cases you can make certain data private to specific users, by default most data is public to other Authorized Users in the same Workspace. You are solely responsible for all data you post, upload, store, display, transmit, or submit on the Services, including Personal Data, and the consequences thereof. VueLab is not responsible and will not be liable for the data disclosed on the Services.
- Rendering the Services. VueLab employees and contractors may have access to your data on a need to know and confidential basis to the extent necessary to render the Services and related support for the Services.
- Third Party Services. Client may enable or permit integrations with or use of Third Party Services in connection with the Services. When enabled, VueLab may share certain data with such Third Party Services as requested to effectuate the integration. Third Party Services are not owned or controlled by VueLab and third parties that have been granted access to your data may have their own policies and practices for its collection and use. You should check the privacy settings and notices of these Third Party Services to understand their privacy practices.
- Changes to VueLab’s Business. If VueLab engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of its assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), VueLab may share or disclose data in connection therewith, subject to standard confidentiality obligations.
- Aggregated or De-identified Data. If any data is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, we may use or disclose such aggregated or de-identified data for any purpose. For example, we may share aggregated or de-identified data with prospects or partners for business or research purposes, such as statistical analysis, predictive analysis, to research trends, \or to develop or improve the Services.
- Enforcement of Agreements. VueLab may disclose data to ensure compliance with and enforce Client Agreements and any other contractual or legal obligations with respect to the Services and our business.
- Protection of Rights. VueLab may disclose data to protect and defend our rights and property, including intellectual property rights, and to ensure compliance with applicable laws and enforce third party rights, including intellectual property and privacy rights.
- Legal Compliance. If we are compelled by law, such as to comply with a subpoena, court order, or other lawful process, or in response to a lawful request by public authorities to meet national security or law enforcement requirements, VueLab may disclose data if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation, or legal process.
- Safety and Security. VueLab may disclose data to protect your safety and security; to protect the safety, security and property of Clients; and to protect the safety, security, and property of VueLab and our employees, agents, representatives, and contractors.
- Your Consent. VueLab may disclose your data to third parties when we have your express consent to do so.
- Security Measures
VueLab maintains physical, technical, and administrative procedures to safeguard and secure the data we collect. For more information about our efforts to keep your data secure, please see our Security Practices.
- You provide Personal Data at your own risk.
- Unfortunately, no data transmission over the Internet is guaranteed to be 100% secure, and we cannot guarantee that unauthorized access, hacking, data losses, or other breaches will never occur.
- You are responsible for safeguarding your Authorized User account and password.
- If you believe your privacy has been breached, please contact us immediately at [email protected].
- Identifying the Data Controller and Data Processor
Data protection and privacy laws in certain jurisdictions differentiate between the “controller” and “processor” of data. In general, Client is the controller of Client Data. In general, VueLab is the processor of Client Data and the controller of Other Information.
- International Data Transfers
9.1 Transfer Mechanisms for Restricted International Data Transfers
VueLab does not transfer Personal Data from the European Union (EU), the European Economic Area (EEA), the United Kingdom (UK), or Switzerland to, or process such Personal Data in, a location outside of the foregoing, without Client’s prior written consent. However, VueLab may transfer Personal Data from the EU, the EEA, the UK, and Switzerland to, or process such Personal Data in, the United States where VueLab has implemented an international data transfer mechanism compliant with applicable data protection and privacy laws, which for example may include an international data transfer: (i) subject to an adequacy decision by the European Commission; (ii) to a recipient certified under Privacy Shield; (iii) subject to the Standard Contractual Clauses for the transfer of Personal Data to processors, which are incorporated herein by reference; (iv) where another appropriate safeguard pursuant to Article 46 of the the General Data Protection Regulation (“GDPR”) applies; or (v) where a derogation pursuant to Article 49 of the GDPR applies.
- Your Rights
Individuals located in certain countries and jurisdictions have certain statutory rights in relation to their Personal Data. Subject to any exemptions provided by law, you may have the right to exercise your rights and request certain actions with respect to your Personal Data.
10.1 General Privacy Rights
VueLab is committed to maintain accurate information that you share with us and will use commercially reasonable efforts to allow you to access your Personal Data. Upon request we will provide you with information about whether we hold, or process on behalf of a third party, any of your Personal Data. To request this information or if you wish to access, modify, or remove your Personal Data, please contact us as [email protected]. VueLab will endeavor to respond to all reasonable written requests to access, modify, or remove Personal Data in a timely manner within thirty (30) days.
If you seeks to access, modify, or remove Personal Data held or processed by us on behalf of a Client, you should direct your inquiry to your Client (e.g., your employer). Upon receipt of a request from one of our Clients for us to access, modify, or remove the data, we will respond to their request in a timely manner within thirty (30) days.
10.2 Additional Rights for Europe
- Right to Erasure (aka “Right to be Forgotten”). You may have a broader right to erasure of Personal Data that we hold about you, such as, for example, if it is no longer necessary in relation to the purposes for which it was originally collected or we do not have a legal reason to continue to process and hold it. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions, or to comply with our legal obligations.
- Right to Restrict Processing. You may have the right to request that we restrict processing of your Personal Data in certain circumstances, such as, for example, where you believe that the Personal Data we hold about you is inaccurate or unlawfully held. We may be permitted to store the data but not further process it. We may need to keep just enough data to make sure we respect your request in the future.
- Right to Data Portability. You may have the right to be provided with your Personal Data in a structured, machine readable and commonly used format and to request that we transfer the data to another data controller without effecting the usability of the data.
- Right to Object to Processing. You may have the right to request that we stop processing your Personal Data, such as for the purpose of direct marketing, scientific and historical research, or for a task in the public interest.
- Right to Lodge a Complaint. You may also have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority.
When offering Services to its Clients, VueLab acts as a “processor” under the GDPR and our receipt and collection of any Personal Data is completed on behalf of our Clients in order for us to provide the Services. Please direct any data subject requests under the GDPR to the Client with whom you have a direct relationship and whose Workspace you use.
For any other requests related to your applicable rights under the GDPR, please contact us at [email protected]. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.
10.3 Additional Rights for California
10.3.1 California Consumer Privacy Act
California residents have certain statutory rights under the California Consumer Privacy Act of 2018, as amended (“CCPA”) regarding their personal information (as defined by the CCPA). If you reside in California, you may have the right to exercise additional rights available to you under the CCPA, including:
- Right to Access. You may have the right to request disclosure of the categories and specific pieces of personal information collected about you. Upon a verifiable request to access personal information, we will promptly take steps to disclose and deliver, free of charge to you, the personal information required to be disclosed. The information may be delivered by mail or electronically, and if provided electronically, the information shall be in a portable and, to the extent technically feasible, readily useable format that allows you to transmit this information to another entity without hindrance. We may provide personal information to you at any time, but shall not be required to provide personal information to you more than twice in a 12-month period.
- Right to Deletion. You may have the right to request the deletion of your personal information. Upon a verifiable request to delete personal information, we will promptly delete such personal information from our records and direct any service providers to delete such personal information from their records, subject to certain exceptions under the CCPA.
- Right to Opt-Out of the Sale of Information. You may have the right to opt-out of the sale of your personal information to third parties. VueLab does not sell your personal information to third parties and will never sell your personal information to third parties without your express authorization.
VueLab will not discriminate against you for exercising your rights under the CCPA. Specifically, if you exercise your rights, we will not deny you services, charge you different prices for services, or provide you a different level or quality of services.
When offering Services to its Clients, VueLab acts as a “service provider” under the CCPA and our receipt and collection of any consumer personal information is completed on behalf of our Clients in order for us to provide the Services. Please direct any requests to exercise your rights under the CCPA to the Client with whom you have a direct relationship and whose Workspace you use.
For any other requests related to your rights under the CCPA, please contact us at [email protected]. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.
10.3.2 California “Shine the Light” Notice
VueLab does not disclose Personal Data to third parties for any third parties’ direct marketing purposes, and will not do so unless the Client or Authorized User affirmatively consents to such disclosure. Since VueLab provides its California users with notice of its rights as described above, pursuant to Section 1798.83(c)(2) of the California Civil Code, VueLab is in compliance with California’s “Shine the Light” law and is not obligated to provide California users with the names and addresses of all the third parties that received Personal Data from VueLab for the third parties’ direct marketing purposes during the preceding calendar year.
- Contact VueLab
You may contact us at:
Email: [email protected]
2 Spring Lane, Chappaqua,NY 10514
Last Updated: May 6, 2021