Last Updated: October 2021
We may provide “just-in-time” disclosures or additional information about our data collection, use and sharing practices of specific services. These notices may supplement or clarify ProductBoard’s privacy practices or may provide you with additional choices about how ProductBoard processes your personal information.
If you do not feel comfortable with any part of this Policy, you should cease using our Websites and Services.
- Policy Scope
- Personal Information You Provide
- Personal Information Automatically Collected
- Personal Information We Collect From Other Sources
- Why We Process Your Personal Information
- Legal Basis for Processing Your Personal Information
- Why We Share Your Personal Information
- Security & Confidentiality
- International Transfer of Personal Information
- Privacy Rights and Choices
- Notice to California Residents
- Children’s Personal Information
- Contact Us
1. Policy Scope
The ProductBoard Group is committed to protecting the privacy of individuals who interact with us. This Policy applies to the personal information we collect and use for our own purposes (i.e., as a “data controller”).
We provide this Policy to explain the ways in which we collect, use, and share personal information about individuals who:
- visit or interact with our websites, including www.productboard.com, portal.productboard.com as well as the other websites that the ProductBoard Group operates and that link to this Policy (collectively, “Websites”) (“Website Visitors”);
- subscribe to use our on-demand product excellence system, and tools and services made available from the Websites (our “Services”) through a Subscriber’s Account (“Users”); and
- attend or register to attend events which we organize or co-organize, or visit our offices (“Attendees”).
For purposes of this Policy “Websites”, shall refer collectively to www.productboard.com, portal.productboard.com as well as the other websites that the ProductBoard Group operates and that link to this Policy, the term “Services” shall refer to our on-demand product excellence system, and tools and services made available from the Websites. The term “Subscriber” refers to an individual that has agreed to our Terms of Service, available at: https://legal.productboard.com/terms, or such other applicable agreement between you and any member of the ProductBoard Group relating to access and use of our Services (“Services Agreement”), including an individual representing the Subscribing company. The term “Account” refers to a ProductBoard account or instance created by or on behalf of a Subscriber within the Services. The term “Users” shall refer to the individuals authorized to use our Services through a Subscriber’s Account.
2. Personal Information You Provide
In this Policy, “personal information” means information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, including by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity.
Account and Registration Information. If you are Subscriber, we must process certain personal information about you such as name, address, phone number, email address, instant messaging ID, and credit card information to provide our Services (collectively “Account Information”), and name or alias for each of your Users. By voluntarily providing us with this information, you represent that you are the owner of such personal information or are otherwise authorized to provide it to us, specifically, if you as a Subscriber provide us information related to the User, you represent that the User has not objected to such processing. We use a third-party intermediary is used to manage credit card processing.
User Information. We collect certain information automatically from Users through cookies and other tracking technologies when they use a Subscriber’s Account, subject to the applicable law’s consent requirements. We use this information to improve our services. In relation to all of the information that Users voluntarily provides when working in a Subscriber’s Account, the Subscriber is the data controller and we are a data processor.
3. Personal Information Automatically Collected
We partner with third parties to either display advertising on the Websites or to manage our advertising on other sites. Our third-party partners may use technologies such as cookies to gather information about your activities on our Websites and other sites in order to suggest advertisements based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the EEA or the United Kingdom click here). Please note this does not opt you out of being served ads and you will continue to receive generic ads.
Logs. As is true with most websites and services delivered over the Internet, we gather certain information and store it in log files when you interact with our Websites and Services. This information includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your devices, your mobile carrier, and system configuration information. Occasionally, we connect personal information to other information gathered in our log files as necessary to improve our Websites and Services. In such a case, we would treat the combined information in accordance with this Policy.
Session Replay Scripts. On our Services we may also use session replay scripts provided by third-party analytics service providers to better understand our users’ needs and to optimize our Services and user experience. These website analytics tools provide us heatmaps, session recordings of your activities on the Services, form analytics, feedback campaigns, and similar features and functionalities, including to assist in website debugging and customer service matters. Our session replay script providers may record your clicks, mouse movements, scrolling, form fills (keystrokes) in non-excluded fields, and other metadata such as IP address or device type. If you would like to opt-out of the use of session replay technologies on our websites, you may do so at any time by visiting FullStory at https://www.fullstory.com/optout/ or Hotjar at https://www.hotjar.com/legal/policies/do-not-track/.
Do Not Track. Some Internet browsers, like Internet Explorer, Firefox, and Safari, include the ability to transmit “Do Not Track” or “DNT” signals. Since uniform standards for “DNT” signals have not been adopted, our Websites do not process or respond to “DNT” signals.
4. Personal Information We Collect From Other Sources
Single Sign-On. You can log into certain Services using sign-in services such as Google Authentication or SAML. These services will authenticate your identity, without the need to sign in with a username and password combination.
5. Why We Process Your Personal Information
We process your personal information to:
- provide, operate, maintain and improve the Websites and Services;
- enable you to access and use the Services;
- process and complete transactions, and send you related information, including purchase confirmations and invoices;
- send transactional messages, including responses to your comments, questions, and requests; provide customer service and support; and send you technical notices, updates, security alerts, and support and administrative messages;
- send promotional communications, such as providing you with information about products and services, features, surveys, newsletters, offers, promotions, contests, and events; and provide other news or information about us and our partners;
- process and deliver contest or sweepstakes entries and rewards;
- monitor and analyze trends, usage, and activities in connection with the Websites and Services and for marketing or advertising purposes;
- investigate and prevent fraudulent transactions, unauthorized access to the Services, and other illegal activities;
- personalize the Websites and Services, including by providing features or advertisements that match your interests and preferences; and
- comply with our legal obligations, including our obligations related to personal data protection.
6. Legal Basis for Processing Personal Information
For individuals who are located in the European Economic Area, the United Kingdom or Switzerland or Brazil) at the time their personal information is collected, our legal basis for processing your information under the applicable laws will depend on the personal information at issue, the specific context in the which the personal information is collected and the purposes for which it is used. We generally only process your personal information where we are legally required to, where processing is necessary to perform any contracts we entered with you (or to take steps at your request prior to entering into a contract with you), where processing is in our legitimate interests to operate our business and not overridden by your data protection interests or fundamental rights and freedoms, or where we have obtained your consent to do so. In some rare instances, we may need to process your personal information to protect your vital interests or those of another person.
We process your information for the purposes described in this Policy, based on the following legal grounds:
(i) When we are pursuing legitimate interests.
- We process your personal information for our legitimate interests and those of third parties. This means that we process your information for things like: providing, operating; maintaining, and improving our Services; enabling you to access and use the Services; promoting the Services; sending promotional communications, including through the use of tools or services that may provide us with personal contact information for potential job applicants or business contact information for prospective customers; monitoring and analyzing trends, usage, and activities in connection with the Websites and Services (subject to applicable law); investigating and preventing fraudulent transactions, unauthorized access to the Services, and other illegal activities; personalizing the Websites and Services.
(ii) When we are providing a service pursuant to a contract.
- We process your personal information to provide you with our Services pursuant to the Service Agreement or other contract between you and us. This means that we process your personal information to: enable you to access and use the Services; process transactions, and send you related information; provide customer service and support.
(iii) When we are complying with legal obligations
- We process your personal information when we have a legal obligation to do so, for example, if we are responding to legal process or an enforceable governmental request.
(iv) With your consent.
- In certain situations, we may request your consent to process your personal information for specific purposes and you have the right to withdraw your consent at any time. For example, we ask for your consent to publish your testimonial, if it includes your identification. If you wish to withdraw your consent, you can contact us at email@example.com.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to Contact Us” heading below.
7. Why We Share Your Personal Information
We take care to allow your personal information to be accessed only by those who really need access in order to perform their tasks and duties, and to share with third parties who have a legitimate purpose for accessing it. We may share personal information about you with third parties in the following circumstances.
- Third-Party Service Providers. We share your personal information with our third-party service providers that we use to provide hosting for and maintenance of our Websites, application development, backup, storage, payment processing, analytics and other services for us. A list of our third party subprocessors can be found here: https://www.productboard.com/subprocessors/. These third-party service providers may have access to or process your personal information for the purpose of providing these services for us. We do not permit our third-party service providers to use the personal information that we share with them for their marketing purposes or for any other purpose other than in connection with the services they provide to us.
- Testimonials. From time to time, we may post testimonials on the Websites that may contain personal information. We obtain your consent to post your name along with your testimonial. If you wish to update or delete your testimonial, you can contact us at firstname.lastname@example.org.
- Referrals. If you choose to use our referral service to tell a friend about our Services, we will ask you for your friend’s name and email address. We will automatically send your friend an email inviting him or her to visit the Websites and will store this information for the purpose of sending this initial email, tracking the success of our referral program and other marketing activities. Your referral may contact us at email@example.com to request that we remove his/her information from our database.
- Interactive Areas. The Websites may offer feedback forms, comments sections, discussion forums, or other interactive features (“Interactive Areas”). You should be aware that any information that you post in an Interactive Area might be read, collected, and used by others who access it, in particular to Users who initiated the particular Interactive Area. To request removal of your personal information from an Interactive Area, contact us at firstname.lastname@example.org. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
- ProductBoard Group Sharing. We may share information, including personal information, with any member of the ProductBoard Group.
- With Your Consent. We may also share personal information with third parties when we have your consent to do so.
8. Security & Confidentiality
We maintain (and require service providers to maintain) generally accepted, reasonable, and appropriate standards to protect your personal information, both during transmission and once it is received. For example, we employ physical access controls, encryption, Internet firewalls, intrusion detection and network monitoring depending on the nature of the information and the scope of processing. In deciding what is reasonable and appropriate we take into account the risks involved and the nature of the information. However, no security procedures or protocols are ever guaranteed to be 100% secure. In the event that we are required by law to inform you of a breach to your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
If you have any questions about the security of your personal information, you can contact us at email@example.com.
9. Retention of Your Personal Information
10. International Transfer of Personal Information
We primarily store personal information about Website Visitors and Subscribers within the European Economic Area (the “EEA”) and in the United States. To facilitate our global operations, we may transfer and access such personal information from around the world, including from other countries in which the ProductBoard Group has operations. If and when transferring your personal data from the EEA, United Kingdom or Switzerland, or via an onward transfer we rely on the Standard Contractual Clauses adopted by the EU Commission as appropriate safeguards.
We will protect your personal information in accordance with this Policy wherever it is processed and will take appropriate contractual or other steps to protect the relevant personal information in accordance with applicable laws. We contractually obligate recipients of your personal information to agree to at least the same level of privacy safeguards as required under applicable data protection laws.
For residual Privacy Shield disputes that cannot be resolved by the methods above, you may be able to invoke a binding arbitration process under certain conditions. To find out more about the Privacy Shield’s binding arbitration scheme, please see: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
If we have received your personal information under the Privacy Shield and subsequently transfer it to a third party service provider for processing, we will remain responsible if they process your personal information in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
The Federal Trade Commission has investigation and enforcement authority over our compliance with the Privacy Shield.
Productboard maintains its participation in the Privacy Shield framework and continues to adhere to all core Privacy Shield privacy principles that support any approach to data transfers.
11. Your Privacy Rights and Choices
Marketing Communications. If you do not want to receive marketing email communications from us, you can opt-out by clicking on the “unsubscribe” link located on the bottom of our marketing emails or you may send a request to firstname.lastname@example.org.
Right to Correct or Update Your Information. You may request that we correct or update any inaccurate or incomplete personal information by contacting email@example.com. Subscribers to our Services may update or change their Account Information at any time by editing their profile or organization record or by contacting firstname.lastname@example.org for more detailed instructions.
Additional Rights for Certain Territories: If you reside in certain territories (such as the European Economic Area, Switzerland, the United Kingdom. Japan or Brazil), you may have the right to exercise certain privacy rights available to you under applicable law. If any of the rights listed below are not provided under law for your jurisdiction, we have the absolute discretion in providing you with those rights.
Your personal information rights are not absolute. Depending upon the applicable law, access to your rights under the applicable law may be denied: (a) when denial of access is required or authorized by law; (b) when granting access would have a negative impact on another’s privacy; (c) to protect our rights and properties; (d) where the request is frivolous or vexatious, or for other reasons.
- Right not to provide consent or to withdraw consent: We may seek to rely on your consent in order to process certain personal information. Where we do so, you have the right not to provide your consent or to withdraw your consent at any time. This does not affect the lawfulness of the processing based on consent before its withdrawal.
- Right of access and/or portability: You may have the right to access the personal information that we hold about you and, in some limited circumstances, have that data provided to you so that you can provide or port that data to another provider.
- Right of erasure: In certain circumstances, you may have the right to the erasure of personal information that we hold about you (for example if it is no longer necessary for the purposes for which it was originally collected).
- Right to object to processing: You may have the right to request that VMware stop processing your personal information and/or to stop sending you marketing communications.
- Right to rectification: You may have the right to require us to correct any inaccurate or incomplete personal information.
- Right to restrict processing: You may have the right to request that we restrict processing of your personal information in certain circumstances (for example, where you believe that the personal information we hold about you is not accurate or lawfully held).
- Right to lodge a complaint to your local Data Protection Authority: You may have the right to lodge a complaint with your national Data Protection Authority or equivalent regulatory body.
To assert your privacy rights, please email email@example.com. Please note that to protect your privacy and security, we must be able to verify your identity before we can process your request to exercise any of the privacy rights that you may be entitled to under the applicable law. We may conduct the verification process by email or phone, and we may ask you to provide information such as your name, contact information, and any additional relevant information based on your relationship with us. You may also use an authorized agent to submit a request to opt out on your behalf if you provide the authorized agent signed written permission to do so.
You may have other privacy rights if you are a California Residents, see our “Notice to California Residents” section below for more information.
Rights and Choices where ProductBoard Acts as a Processor: An individual who seeks access to, or who seeks to correct, amend, or delete inaccuracies in personal information stored or processed by us on behalf of a Subscriber should direct his/her query to the Subscriber (the data controller).
Social Media Accounts
- Facebook by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland: facebook.com/about/privacy
- Instagram by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2 Ireland: help.instagram.com/519522125107875
- Twitter by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, twitter.com/en/privacy
- YouTube by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland: policies.google.com/privacy?hl=en-UK
- Pinterest by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland: policy.pinterest.com/en/privacy-policy
- Spotify by Spotify AB, Regeringsgatan 19, 111 53 Stockholm, Sweden: spotify.com/ie/legal/privacy-policy/
12. Notice to California Residents
This notice to California residents is provided under California law, including the California Consumer Privacy Act (“CCPA”), Cal. Civ. Code 1798.100, et seq.. The information provided below relates to the personal information, the ProductBoard Groups process as a data controller, which is known as a “business” under the CCPA. If you are a California resident, this Section applies to you in addition to the rest of this Policy.
Categories of Personal Information Collected. In the preceding 12 months, we have collected the following categories of personal information: identifiers (such as your name and contact information); commercial information (such as information about products or services you have purchased); internet or other electronic network activity information (such as your IP address, device identifier, and other information captured by online tracking technologies); and inferences drawn from the information collected about you. When you purchase a product or service from us, we may also collect information described in Section 1798.80(e) of the California Civil Code (such as signature and credit/debit card number). For examples of the precise data points we collect and the categories of sources of such collection, please see Sections 3, 4, and 5 of this Policy.
Business or Commercial Purpose for Collecting and Using Personal Information. We collect the categories of personal information described in this Section for the business or commercial purposes described in Section 6 of this Policy.
Categories of Personal Information Disclosed and Categories of Recipients. In the preceding 12 months, we have disclosed the following categories of personal information for business or commercial purposes to the following recipients:
- We share identifiers with advertising networks, Internet service providers, data analytics providers, operating systems and platforms, social networks, payment processors, customer support partners, events and promotions partners, and fraud prevention partners.
- We share commercial information with advertising partners, data analytics providers, payment processors, fulfilment partners, customer support partners, and fraud prevention partners.
- We share internet and electronic network activity information with advertising partners, Internet service providers, data analytics providers, operating systems and platforms, internet service providers, customer support partners, and fraud prevention partners.
- We share information described in Section 1798.80(e) of the California Civil Code (such as signature and credit/debit card number) with: our affiliates and subsidiaries, our business partners, financial institutions, professional services organizations such as auditors and law firms, and other service providers.
- We share inferences with advertising networks, internet service providers, data analytics providers, and fraud prevention partners.
We may also share the above categories of information with government entities as may be needed to comply with our legal obligations or prevent illegal or fraudulent activity.
Your Rights. For personal information collected by us during the preceding 12 months preceding your request that is not otherwise subject to an exception, California residents have the right to access and delete their personal information. We will not discriminate against those who exercise their rights. You have the right to (a) opt out of any sales of personal information that may be occurring; and (b) not be discriminated against for exercising these rights.
Sale of Personal Information. If you are a California resident, you have the right to “opt out” of the “sale” of your “personal information” to “third parties” (as those terms are defined in the CCPA). To submit a request to opt out of the sale of your personal information, you may visit our “Do Not Sell My Personal Information” page or send an email to firstname.lastname@example.org with the subject line “Do Not Sell My Info.”
If you are a California resident and you would like to exercise your rights described in this Policy, you can submit your request by emailing us at: email@example.com with the subject line “CCPA Rights.”
13. Children’s Personal Information
We do not knowingly collect any personal information from children under the age of 16. If you are under the age of 16, please do not use or submit any personal information through our Websites or Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide personal information through the Websites or Services without parental permission. If you have reason to believe that a child under the age of 16 has provided personal information to us through the Websites or Services, please contact us at firstname.lastname@example.org, and we will use commercially reasonable efforts to delete that information.
14. Contact Us
If you have questions regarding this Policy or about the privacy practices of ProductBoard, please contact us by email at email@example.com, or at: ProductBoard, Inc., Attn: Privacy Officer, 333 Bush Street, 20th floor, San Francisco, CA 94104, United States of America.
If you are located in the EU, you may contact us at: ProductBoard s.r.o., Czech company with Id. No. 07323301, or via email at firstname.lastname@example.org.