Effective from 25th May, 2018
Shiminly is the company that collects any personal data submitted through Shiminly.
We may update this policy periodically; please check this page to ensure that you are in agreement with any changes.
Application of Policy
This Policy applies to any visitor to our Site; users of the Services; individuals who contact us or with whom we communicated via phone, email, or otherwise; and customers, including both free trial and paid account holders.
To EU Residents: Company processes your personal data in accordance with the EU data protection legislation, including national or international legislation implementing the EU Data Protection Directive (until superseded), the Privacy in Electronic Communications (“ePrivacy”) Directive (EU), and the General Data Protection Regulation (EU) 2016/679 (“GDPR”), as amended or superseded.
Changes to this Policy
We may update this Policy to reflect changes to our privacy practices. If you are a Company customer and we make any material changes that affect the way we treat information that we have previously collected from you, we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice through the Services prior to the change becoming effective. We encourage you to periodically review this Policy for the latest information on our privacy practices.
Our Services permit End-Users or Experts to share and manage information by creating, uploading, and attaching what we call “Content” with Experts that can be shared, stored, and accessed through the Site. In this Policy, we distinguish between Content and all other information about you. We have no control over the information contained within Content, including any personal data. Content does not include usage information we collect about how users access, create, share, and manage Content (e.g., file sizes or access logs). Company is a data processor of the Content, and will only process personal data from the Content on behalf, and under the instructions, of our End Users or Experts or where otherwise required by applicable laws. Please refer to the Terms of Service Agreement that governs your use of the Services.
Sensitive Data. We have no control over whether Sensitive Data is contained in Content. However, we do not intentionally collect – and will not request – Sensitive Data. If a Company employee discovers that we have received Sensitive Data, the employee will inform a designated contact within our company who will assess the processing of such data. “Sensitive Data” means personal data that discloses an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, criminal proceedings, biometrics, and data concerning health.
Other Information We Collect About You
This section describes information that is not Content.
We collect personal data about you directly from you, from others (e.g., our Experts), and automatically when you use the Services. If the personal data we process is needed to comply with law, or to enter into or perform an agreement with you, we will inform you accordingly at the time of such data collection. If we cannot collect this data, we may be unable to on-board you as a customer or provide services to you.
Information We May Collect Directly from You.
At Account Creation. An email address is required to provision a new account (paid or trial) to use our Site. Without this, we are unable to create your account. You may choose to provide other information at account creation, including contact information (full name, phone number, grade, etc.).
When Purchasing Services. If you purchase a paid subscription, you may need to provide us billing and payment information, including full name, company name, billing address, and credit card number. If you do not provide us this information, you may be unable to subscribe and your access to our Services may be limited.
In Online Submissions. We collect information through interactive features of our Site – e.g., when you submit online forms; participate in surveys, contests, promotions; join online sessions/chat/discussions; request customer support; respond to “Contact Us” invitations; submit testimonials; or if you refer a friend (see Referrals). Personal data gathered may include contact information (full name, phone number, email, grade, etc.), information about your use of Company, and any other information you choose to share.
In Other Communications. You may share information in communications with us relating to the Services, including during phone calls (and call recordings), chats, or over email. Personal data gathered may include contact information, employment details, user preferences, and any other information you choose to share. Please provide us only the personal data that we need in order to respond to your request.
Information We Collect From Third Parties.
When Purchasing Services. A third-party intermediary is used to manage credit card processing. It is not permitted to store, retain, or use your billing information for any purpose except for credit card processing on our behalf.
Third Party Sources. Subject to applicable laws, we may gather information about you from lead-sharing tools including LinkedIn Lead Generation, or as leads from Company’s global resale partners, as well as public information – including internet searches relating to you or your company – in order to better service your account and to provide more relevant assistance and marketing.
Our Experts are responsible for ensuring that Content is collected and handled (including any personal data therein) in compliance with applicable laws. As a processor, we handle Content as directed by our End-Users, pursuant to our relevant agreements. We only access Content as necessary to:
• Respond to customer support requests.
• Comply with the law or legal proceedings; for example, we may disclose Content in response to lawful requests by public authorities, including responding to national security or law enforcement disclosure requirements.
• Investigate, prevent, or take action against suspected abuse, fraud, or violation of our policies and terms.
Purposes for which We Use Personal Data
We use the personal data we collect under this Policy in furtherance of our legitimate business interests, which include:
• Provision of Services: To provide and operate our Services, fulfill your orders and requests, process your payments, for bug and error reporting and resolution, to perform upgrades and maintenance, and for similar purposes.
• Customer Support: To communicate with you about your use of the Services; respond to your communications, complaints and inquiries; provide technical support; and for other customer service and support purposes.
• Personalization: To tailor content we send or display to you in order to offer location customization and personalized help and instructions, and to otherwise personalize your experience using the Services.
• Marketing and Promotions: With your permission and/or where permitted by law, we may use contact information for direct marketing and promotional purposes. For example, we may use contact information such as your email address to send you newsletters, special offers or promotions, or to otherwise contact you about Company Services or information we think may interest you. As explained above, we do not use Content for direct marketing purposes. You may opt out of receiving marketing emails by following the opt-out instructions in the email or emailing [email protected]. We may still email customer service and transaction-related communications, even if you have opted out of receiving marketing communications.
• Advertising: To assist in advertising the Services on third party websites.
• Analytics and Improvement: To better understand how users access and use the Services, and for other research and analytical purposes, such as to evaluate and improve the Services and to provide additional services, and features. While we may collect and analyze usage details (e.g., storage size used, access logs, etc.) related to Content, we do not actually access Content for these purposes.
• Protect Legal Rights and Prevent Misuse: To protect the Services; prevent unauthorized access and other misuse; and where we believe necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or violations of our Terms of Service Agreement or this Policy.
• Comply with Legal Obligations: To comply with the law or legal proceedings; for example, we may disclose information in response to lawful requests by public authorities, including responding to national security or law enforcement disclosure requirements.
• General Business Operations: Where necessary to the administration of our general business, accounting, recordkeeping, and legal functions.
|Purpose of Processing /Legitimate Business Interests (see above)||Legal Bases of Processing (EU Users)*|
|Provision of Services Customer Support||• Necessary to Enter into or Perform a Contract with You (upon your request, or as necessary to make the Services available) • Our Legitimate Business Interests**|
|Personalization Marketing and Promotions Advertising||• Our Legitimate Business Interests** • With Your Consent|
|Analytics and Improvement||• Our Legitimate Business Interests** • With Your Consent|
|Protect Rights and Prevent Misuse Comply with Legal Obligation||• Compliance with law • Establish, defend, or protect legal interests|
|General Business Operations||• Our Legitimate Business Interests** • Establish, Defend or Protect Legal Interests • Compliance With Law|
*For the personal data from the EU that we process, this column describes the relevant legal bases for such processing under GDPR (and local implementing laws of EU member states); this does not limit or modify the obligations, rights, and requirements under the privacy laws of non-EU jurisdictions.
** For the personal data from the EU, the processing is in our legitimate interests, which are not overridden by your interests and fundamental rights. Marketing to EU data subjects is done only with opt-in consent.
How We Share Information
We will not sell information about you to a third party or allow a third party to use information we provide for its own marketing purposes. We may share information about you with your consent, at your request, or as follows:
Content and Usage. Company is a data processor with respect to Content and certain other user information we collect in providing the Services to our End-Users. This means: (a) the End-User controls the information and determines how it may be used, and (b) we will process this information only under the written instructions of our End-Users or where otherwise required by applicable laws. So, if you use the Services under an End-User's account, Content and other information associated with your account (e.g., who has accessed, shared, amended, created, edited, or deleted Content) may be disclosed to the End-User.
Account Discovery. If the email address which you used to register with us belongs to an entity (with the exception of known ISP email providers such as Gmail), we may disclose your email address and account information to (a) users associated with that entity if you are a plan administrator in order to help those users contact you, and (b) the entity and its Company plan administrators in order to help them understand who in the organization is using Company.
To Other Users of the Services
Content. Content you choose to share with, or make available to, other users is shared as designated by you, and you should consider that it may be further shared by your collaborators; we are not responsible for, nor does this Policy apply to, the collection, use, processing, or sharing of Content by other users in this manner.
To Payment Processors. If you use a third party to facilitate your payment obligations, we will share certain account-usage and billing-related information about your account with such third party for billing and business administration purposes. Resellers and payment processors are independent data controllers of your personal data.
When Processing Referrals. When you refer a friend who later signs up for the Services, we may contact you about the successful referral to provide you a referral credit.
In Testimonials. With your consent, we may publish Customer testimonials you share with us, which could contain personal data such as your full name and other information you choose to share. If you wish to update or remove your testimonial, please notify us at [email protected].
Through Use of Community Features. Our Site may include interactive features, including forums, online communities, bulletin boards and publicly accessible blogs (“Community Features”). You should be aware that any information that you post in a Community Feature might be read, collected, and used by others who access it. To request removal of your personal data from a Community Feature, contact us at [email protected]. We will make commercially reasonable efforts to remove your personal data from our Site, and will let you know if we are unable to do so and why.
To Our Service Providers. We may share information about you with third party vendors, consultants and other service providers (data processors) who are working on our behalf or providing services to us. We obtain appropriate contractual protections to limit these service providers’ use and disclosure of any information about you that we share with them. Chat interaction between the in-house Experts and End-Users may be stored and utilized in an anonymised manner for training, improving quality of counselling services provided and for analysis of statistical data derived thereof. Answers to any quiz/questionnaire may be stored and such data may be anonymised and used for analysis and statistical purposes. An Expert may record any of the Counselling Sessions or interactions between the End User and the Expert through the Sites only with the express prior written consent of the End User. If Medico Legal/legal cases are issued against any of the Experts, the implications of the same lie with the Expert and the Company is NOT, in any case, liable for the same and is also not liable for any breach in confidentiality by the Experts or the Third party service providers.
Infrastructure Processors. We use certain third parties for some of the infrastructure used to host data that is submitted to Site, including cloud providers.
Service Processors. We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
We may pass your information to third party service providers who we have engaged for the purpose of completing tasks and providing services to you on our behalf (for example, at times we work alongside freelance copywriters if you request such services). We disclose only the personal information that is necessary to deliver the service.
We also use a number of 3rd party services to help us fulfil our contractual obligations. These 3rd party services are listed in full below; we have verified that these 3rd party services are GDPR compliant (or are working towards GDPR compliance), and are certified under the EU-US Privacy Shield Framework (or are working towards certification) where these organisations are based outside of the EU.
The following table outlines the personal data we collect and for what purpose. The table also outlines the 3rd parties the data is processed by or shared with, and how long the data is stored for:
|Name||What||Legal Ground||Purpose||3rd Parties||Data Retention|
|Hosting Accounts||Client contact information||Contract||Required to set up a user account for each hosting client on shiminly.com – so they can access support||Acuity, Amelia, Mailchimp, Canvas LMS||Until request for account deletion/cessation of hosting contract|
|Analytics||Website visitor behavior (anonymised – full IP address is NOT stored)||Legitimate interests||To analyse popular content, website performance, etc – so we can further improve.||Google Analytics||Indefinitely/for as long as Google Analytics retains. NB: not personal data|
|Blog Comments||Website commenter name, email address and website||Legitimate interests||To allow website users to comment on and discuss blog posts, or ask questions.||WordPress||Until request for deletion. To maintain flow of conversation comments may not be deleted on request, but all personally identifying information will be removed.|
|To maintain contact information for clients and notes for the web design process.||Acuity, Amelia, Mailchimp||Until request for deletion.|
|Used for providing FAQ to users.||Acuity, Amelia, Mailchimp|
|Initial interaction on messenger.||Acuity, Amelia, Mailchimp|
|Records phone conversations with End Users; accessible only to Experts and top management, and used for quality control.||Acuity, Amelia, Mailchimp|
|Online educational courses.||Canvas LMS|
|Used for quizzes and surveys.||Canvas LMS|
|For customer interactions on website.||Amelia, Acuity|
|Used previously for customer interaction.||Amelia, Acuity|
|For video chat.||Zoom|
|Send emails to clients.||Mailchimp|
Subcontractors: Independent Contractors. We may employ the assistance of independent contractors to work on specific projects. We train these independent contractors on applicable Company policies and they are required to adhere to substantially the same data security practices as are Company employees.
As Required by Law. We release information about you if we believe we must do so to comply with the law or a subpoena, bankruptcy proceeding, or similar legal process.
To Protect Rights. We may disclose information about you, such as your name, contact information, and billing information, to enforce our agreements with you or to protect the rights and safety of Company, our customers, our users, and the general public, or as evidence in litigation in which we are involved.
In a Business Transaction. If Company is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred to the acquiring entity as part of the transaction, and may also be reviewed as part of the due diligence review for the transaction. For example, we may need to provide a list of all customer accounts and payment histories.
Aggregate and Anonymized Information. We may share aggregate or anonymized information about users with third parties for marketing, advertising, research, or similar purposes. For example, if we display advertisements on behalf of a third party, we may share aggregate demographic information with that third party about the users to whom we displayed the advertisements.
In order to make our platform as user-friendly as possible, we – like many other companies – use “cookies”.
Cookies. A cookie is a small text file that is stored in your web browser that allows Company or a third party to recognize you. Cookies can either be session cookies or persistent cookies. A session cookie expires automatically when you close your browser. A persistent cookie will remain until it expires or you delete your cookies. Expiration dates are set in the cookies themselves; some may expire after a few minutes while others may expire after multiple years. Cookies placed by the website you’re visiting are sometimes called “first party cookies,” while cookies placed by other companies are sometimes called “third party cookies.”
Types of Cookies.
Essential Cookies. These are first party cookies that are sometimes called “strictly necessary” as without them we cannot provide much of the functionality that you need on the Services. For example, essential cookies help remember your preferences as you move around the Services.
Analytics Cookies. These cookies track information about how the Services are being used so that we can make improvements and report our performance. They collect information about how visitors use the Services, which site the user came from, the number of each user’s visits, and how long a user stays on the Services. We might also use analytics cookies to test new pages or features to see how users react to them. Analytics cookies may either be first party cookies or third party cookies.
Preference Cookies. These cookies are also sometimes called “functionality cookies.” During your visit to the Services, cookies are used to remember information you have entered or choices you make (such as your username, language, or region) on the Services. They also store your preferences when using the Services, for example, your preferred language. These preferences are remembered, through the use of persistent cookies, and the next time you visit the Services you will not have to set them again.
Targeting or Advertising Cookies. These third party cookies are placed by third party advertising platforms or networks in order to deliver ads, track ad performance, and enable advertising networks to deliver ads that may be relevant to you based upon your activities (this is sometimes called “behavioral” “tracking” or “targeted” advertising). More information about how cookies are used for advertising purposes is explained below in Behavioral Targeting and Remarketing.
How to Disable Cookies. The “help” portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. If you disable cookies, be aware that some features of our Services may not function.
Clear GIFs. Clear GIFs (a.k.a. web beacons or pixel tags) are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, clear GIFs are embedded invisibly on web pages, and are not stored on your hard drive. We might use clear GIFs to track the activities of Platform visitors and users of our Services, to help us manage content, and to compile statistics about usage. We and our third party service providers also might use clear GIFs in HTML e-mails to our customers to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded.
Opting Out of Ad Networks. If you wish to not have this cross-site information used for the purpose of serving you targeted ads, you may opt-out of many ad networks by clicking here. You will continue to receive ads on the sites you visit, but the ad networks from which you have opted out will no longer target ads to you based upon your activities on other sites. Please note, however, that these opt-out mechanisms are cookie based; so, if you delete cookies, block cookies or use another device, your opt-out will no longer be effective.
Do Not Track. Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Currently, our systems do not recognize browser “do-not-track” requests. In the meantime, you can use the “help” portion of the toolbar on most browsers to learn how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. If you disable cookies, be aware that some features of our Platform/Services may not function.
Your Choices and Rights
Closing Your Account. If you wish to close your account, you may do so by logging in and using the Account Administration settings or by contacting us at [email protected]. If you shared any Content or information through our Services with other users, such Content or information will continue to be accessible to such users.
Content. Requests to access, delete, or modify Content will be directed to the Customer who owns the account. If you wish to request access to personal data contained in Content to delete, modify, or limit use, please provide us with the name of the Customer who submitted your information to our Services. We will refer your request to that Customer and will support them as needed.
Access and Correction. If you are not on an enterprise account, you may log in and use the Account Administration settings or contact us at [email protected] to access or update account profile information. If you are on an Enterprise account, you may log in and use the Account Administration settings or contact an administrator for the account to access or update account profile information. Company will support its enterprise customers as needed to update your account information.
Marketing Choices. Customers can always opt out of being contacted by us for marketing or promotional purposes by following the opt-out instructions located in the e-mails we send, by changing the account privacy settings, or by emailing us at [email protected]. Please note that if you opt out of marketing communications, Company will continue to send you transactional or service-related communications, such as service announcements and administrative messages. If you do not wish to receive these, you have the option to cancel your account by logging in and using the Account settings or by emailing us at [email protected].
Users in the European Economic Area.
Individuals in the EEA have the following rights with respect to their personal data under the Data Protection Act 1998 or GDPR:
- Access. You can ask us to confirm whether we are processing your personal data; give you a copy of that data; and provide you with other information about your personal data such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad, how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out any profiling, to the extent that such information has not already been provided to you in this Policy.
- Rectification. You can ask us to rectify inaccurate information. We may seek to verify the accuracy of the data before rectifying it.
- Erasure. You can ask us to erase your personal data, but only where it is no longer needed for the purposes for which it was collected; you have withdrawn your consent (where the data processing was based on consent); following a successful right to object (see ‘Objection’ below); it has been processed unlawfully; or to comply with a legal obligation to which we are subject. We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims. There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.
- Restriction. You can ask us to restrict (i.e., keep but not use) your personal data, but only where its accuracy is contested (see ‘Rectification’ above), to allow us to verify its accuracy; the processing is unlawful, but you do not want it erased; it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise, or defend legal claims; you have exercised the right to object, and verification of overriding grounds is pending. We can continue to use your personal data following a request for restriction where we have your consent; to establish, exercise, or defend legal claims; or to protect the rights of another natural or legal person.
- Objection. You can object to any processing of your personal data which has our ‘legitimate interests’ as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests. Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. In addition, you can object to the processing of your personal data for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing without providing any reason. We will then cease the processing of your personal data for direct marketing purposes.
- Portability. You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another Data Controller, but only where our processing is based on your consent and the processing is carried out by automated means.
- Withdrawal of Consent. You can withdraw your consent in respect of any processing of personal data which is based upon a consent which you have previously provided.
Children’s Personal Data
The Services are not directed toward children and we do not encourage children to participate in providing us with any personally identifiable information. We do not knowingly collect any personal data from children under the age of 18. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide personal data through the Services. If you have reason to believe that a child under the age of 18, without a parent or guardian’s consent, has provided personal data to us through the Services, please contact us at [email protected] and we will use commercially reasonable efforts to delete that information.
International Transfer of Data. We are based in the United States of America and the information we collect is governed by applicable data privacy laws. The information we collect may be transferred to, used from, and stored in Massachusetts or other jurisdictions in which Company, our affiliates, or service providers are located; these jurisdictions (including Massachusetts) may not guarantee the same level of protection of personal data as the jurisdictions in which you reside. By using the Services, you acknowledge and agree to any such transfer of information outside of the jurisdiction in which you reside.
Law Enforcement Requests. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Onward Transfers. Third parties who process personal data on our behalf must agree to use such personal data only for the purpose for which it is provided by us and they must contractually agree to provide adequate protections for personal data. Company will continue to be liable for any onward transfers of personal data to such third parties. Where required by applicable data protection laws, we have ensured that such third parties sign standard contractual clauses as approved by the European Commission or other supervisory authority.
Security of your Information
The security of your Information is important to us and we take reasonable measures to protect the security of Your Information. The Site takes appropriate technical and organizational measures to protect your personal information. However, there is always some risk that an unauthorized third party may access our systems or that transmissions of your information over the Internet may be intercepted. In order to prevent unauthorized access or disclosure we use standard Secure Sockets Layer (SSL) encryption that encodes information for such transmissions. Text chat, email chat, video and phone chat transcripts are not stored on the servers. Access to stored data is protected by multi-layered security controls including firewalls, role-based access controls and passwords and will only be accessible to the Expert and End User who take the consultation session. These technologies help ensure that Personal Information is safe, secure, and is displayed only to You and those to whom You have granted access including but not limited to authorized personnel of the Site that require this information for work purposes.
We keep your personal data for as long as reasonably necessary for the purposes set out in Section 4 above. Except as noted below, we will retain your account profile data as necessary for our legitimate business purposes or to comply with our legal obligations (such as record keeping, accounting, fraud prevention and other business administrative purposes); generally, where we no longer have a legitimate business purpose to retain it, we will anonymize or delete such personal data within 180 days after the closing of your account. However, we will maintain your personal information longer where required for tax or accounting purposes, to ensure we would be able to defend or raise a claim, or where we have a specific need to retain, though we will generally not keep personal data for longer than seven years following the last date of communication with you. Legitimate business purposes that we may rely on to keep your personal data when you are not a customer include direct marketing (where you have not opted-out) for up to two years, facilitating the restoration or establishment of a user account in the future, maintaining Company’s business intelligence systems for analytics and other internal purposes, etc. Where your information is no longer required, we will ensure it is disposed of in a secure manner.
Contacting Us/Dispute Resolution
If you have any questions or concerns regarding the way in which your personal data is being processed or you want to exercise your rights above, please reach out to Company using the contact information below:
Company’s Legal Head, who serves as Company’s data protection contact, can be contacted at [email protected].
If you remain dissatisfied, you have the right to reach out directly to the Data Protection Authority in your jurisdiction. We do ask that you please attempt to resolve any issues with us first, although you have a right to contact the Data Protection Authority at any time.