Last updated 27 May, 2020
Welcome to Thinglink.com! Our mission is to provide ThingLink users with innovative, accessible and affordable tools for building visual learning experiences in the cloud. Here we describe how we collect, use, and process your personal information when you use our Service, the types of personal data we process and how you may use your rights as a data subject.
Data controller and controller’s contact details
Name: Thinglink Oy
Company ID: 2329185-9
Correspondence address: Lapinlahdenkatu 16, 00180 Helsinki, Finland
E-mail address: firstname.lastname@example.org
Thinglink, Inc. may also be the controller for some of the processing activities related to the Services provided by Thinglink Oy.
1. WHAT’S COLLECTED AND WHY?
We collect and use the following information to provide, improve, and protect our Services:
Information You Provide:
- Optional Profile Information. After you setup your account, ThingLink members may also choose to provide additional information which may be shared with others on the Service or through your public profile, such as your name, email address, nickname or online alias, other ThingLink accounts you choose to follow, Immersive Images (as defined in the Content Information section below), websites, and other information relating to your User Content or your use of the Service. In connection with your use of the Service, we may also collect information created or provided by you, or that we otherwise receive, in connection therewith.
- Payment and Billing Information. We also collect credit card or payment information for paid subscriptions. This information will be securely stored with a third party specialized in the handling of such information, such as a credit card payment gateway or other payment vendors. ThingLink does not receive or process your payment card data.
- Messages. If you correspond with us, you may also provide us personal information when you respond to surveys, communicate with our engineering or support teams about a question regarding the Service, or post a question about your User Content in our public forums.
- Telephone Information. If we call you, or you call us, to discuss our Service, we may collect personal information from you, including your name, company name, business address, phone number, job title, email address, whether you use the Service, information about your business needs, the number of users of our Service you require as well as other similar information you decide to share with us.
Information We Collect Automatically:
- Device Information. Like most online service providers, we collect information that web browsers, mobile devices, and servers typically make available, such as the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information. Your devices (depending on their settings) may also transmit approximate location information to the Services, based on the location of your IP address. We collect log information when you use our Service, for example, when you create or make changes to your Immersive Images.
- Usage Information. We collect information related to how you use the Service, including actions you take in your account (like sharing, editing, viewing, and moving files or folders). We use this information to improve our Service, develop new services and features, and protect ThingLink users.
- Location Information. We may determine the approximate location of your device from your IP address. We collect and use this information to, for example, calculate how many people visit our Service from certain geographic regions. We may also collect information about your precise location via our mobile apps (when, for example, you post a photograph with location information) if you allow us to do so through your mobile device operating system’s permissions. We do not track your location.
- Stored Information: We may access information stored on your mobile device via our mobile app. We access this stored information through your device operating system’s permissions. For example, if you give us permission to access the photographs on your mobile device’s camera roll, our Service may access the photos stored on your device when you upload a photo to the Service to create an Immersive Image.
Information We Collect from Other Sources:
- Information We Receive from Social Networking Sites. We allow Users with certain third-party accounts (currently Users who have Google, Microsoft or Clever accounts) to authenticate on the Service using those third-party accounts. We also allow Users to share their immersive Images on third party services, such as social networking services provided by others, for example, Facebook. If you create or log into your account on the Service through another third-party service or if you connect your Immersive Image on a social media service (like Twitter), we will receive information from that service (such as your username and other basic profile information) via the authorization procedures used by that service. The information we receive depends on which services you authorize and any options that are available. You should always review, and if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our website or Service.
- Third Party Analytics Services. We may also receive information from third party services, such as HubSpot, to help us better understand you and how you use our Service. Information Collected by Third Parties:
Purposes for Collecting this Information:
We use information about you as mentioned above and for the purposes listed below:
- To provide you the Service, including for example, hosting your Immersive Images and billing you for the Service;
- To maintain, monitor, and improve the Service by adding new features, sharing new use cases, or making the Service easier to use;
- To monitor and analyze trends and better understand how you interact with our Service;
- For our own internal benchmarking, for example, to measure, and gauge the effectiveness of the Service, our advertising of the Service, and to better understand user retention and attrition – for example, we may analyze how many individuals purchased a plan after receiving a marketing message or the features used by those who continue to use our Service after a certain length of time;
- To prevent problems with our Service, protect the security of our Service, detect fraudulent transactions and other illegal activities, fight spam, and protect the rights and property of ThingLink and others, which may result in us declining a transaction or the use of our Service;
- To communicate with you, for example through an email, about offers and promotions offered by ThingLink and others we think will be of interest to you, solicit your feedback, or keep you up to date on what we’re up to and our products. We give users the option to use some of our Services free of charge. These free Services are made possible by the fact that some users upgrade to one of our paid Services. If you register for our free Services, we will, from time to time, send you information about upgrades when permissible. For further information on your choices regarding your choices with regard to the use of your information for marketing purposes, see "Your Choices Regarding Your Information" below.
2. LEGAL BASIS FOR COLLECTING AND USING INFORMATION
- We collect and use the personal data described above based on the following grounds:
- Processing of personal data is necessary for compliance with a legal obligation; or
- We have a legitimate interest in using your information, for example, to run, maintain, develop and promote our business, to provide and update our Service, to improve our Service so that we can offer you an even better user experience, to safeguard our Service, to communicate with you, to measure, gauge, and improve the effectiveness of our advertising, and better understand user retention and attrition, to monitor and prevent any problems with our Service, and to personalize your experience. We may also process personal data for our legitimate interest to create and maintain customer and other business relationships and whilst fulfilling our contractual obligations towards our organizational customers; or
When choosing to use your data on the basis of our legitimate interests, we weigh our own interests against your right to privacy and e.g. provide you with easy to use opt-out from our marketing communications and use pseudonymized or non-personally identifiable data when possible.
3. DISCLOSURE OF INFORMATION TO THIRD PARTIES (CATEGORIES OF RECIPIENTS)
We won’t transfer information about you to third parties for the purpose of providing or facilitating third-party advertising to you. We won’t sell information about you either. We may share your personal information in the limited instances described below. For further information on your choices regarding your information, see "Your Choices Regarding Your Information."
- Other Users. Our Services display information like your name, profile picture, and profile description to other users in places like your user profile and sharing notifications. For our student users, this profile data is displayed only to users belonging to the same organization. You can also share Your Immersive Images with other users if you choose. When you register your ThingLink account with an email address on a domain owned by your employer, educational institution, or organization, we may help collaborators and administrators find you and your team by making some of your basic information, like your name, team name, profile picture, and email address, visible to other users on the same domain. This helps you sync up with teams you can join and helps other users share files and folders with you.
- Account Administrators. If your use of the Service is pursuant to an Agreement entered into by your employer, education institution, or other organization to which you belong, (e.g., ThingLink Business plans or ThingLink Education), your administrator may have the ability to access and control your ThingLink team account. Please refer to your organization’s internal policies if you have questions about this.
- Third Parties at Your Request. Certain features let you make additional information available to the public. You may have the option to share your ThingLink activities with your friends, or through email, SMS text, or various social media sites or on your blog or website. Public information may also be indexed by search engines or used by third parties. Please keep all of this in mind when deciding what you would like to share.
- Other Applications. You can also give third-party providers access to your information and account, for example, via ThingLink APIs. Please remember that their use of your information will be governed by their privacy policies and terms.
- Company Transactions. Other parties in connection with any company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by another company or third party or in the event of bankruptcy or related or similar proceedings. Your information, including user names and email addresses, User Content, and other user information may be among the items sold or otherwise transferred in these types of transactions. In this case, we will continue to ensure the confidentiality of all personal data. We will give notice to all the Users concerned when the personal data are transferred or become subject to a different privacy statement, as soon as reasonably possible; and
- Aggregated and De-Identified Information. We may share information that has been aggregated or de-identified. In this case, the personal data is permanently anonymized so that no personally identifiable data is shared. For instance, we may publish aggregate statistics about the use of our Service.
4. YOUR CHOICES AND RIGHTS REGARDING YOUR INFORMATION
- Account Data (Right to Access). ThingLink does not verify the accuracy of the personal data you provide. All ThingLink profiles are typically made available to the public, however you may elect to make your content private. If you make all of the content on your profile private, then a your profile will not appear in a directory search of the Service, but a user may still be able to access your profile if they know the uniform resource locator (URL) address for your profile. For our student users, this profile data is displayed only to users belonging to the same organization. You can edit and change your profile and account data through the Settings of your account. You have the right to inspect the personal data we have stored about you in the ThingLink User Register either via the Service (if we, in our sole discretion, offer such functionality) or by requesting it in writing from ThingLink. You have the right to access and be informed about your personal data processed by us. You may contact us and request a copy of your personal data. You can also choose not to provide the optional account information, profile information, and transaction and billing information. Please keep in mind that if you do not provide this information, certain features of our Services, for example, paid, premium Services, may not be accessible.
- Limit Access to Information On Your Mobile Device. Your mobile device operating system should provide you with the ability to discontinue our ability to collect stored information or location information via our mobile apps. If you do so, you may not be able to use certain features (like adding a location to a photograph, for example).
- Access to Data Controlled by Our Users. ThingLink has no direct relationship with the end users (usually students or employees) of our Users, whose personal information is contained within the personal data processed by our Services. An individual who seeks access, or who seeks to correct, amend, or delete personal information provided by our Users should direct their request to the specific User. You may also contact us at info@ThingLink.com if you have additional questions or concerns.
- Marketing Communications. We or a third party will obtain your consent before sending you electronic direct marketing. If you do not wish to receive promotional emails, you can click the "unsubscribe" button on promotional email communications. If you opt out of promotional messages, we may still send you other messages, like those about your account and legal notices. We sometimes contact people who do not have a ThingLink account, for example if you subscribe to our newsletter or marketing list or request more information about our Service.
- Close Your Account (Right to erasure). Of course, while it’s hard to say goodbye, we understand that sometimes you just need to move on. You can delete your information from within your account or close your account. To close your account, please contact us, and keep in mind that we may continue to retain your information after closing your account, as described in How Store Your Information below, for example, when that information is reasonably needed to comply with (or demonstrate our compliance with) legal obligations such as law enforcement requests, or reasonably needed for our legitimate business interests. We’ll use all commercially reasonable efforts to delete or anonymize your User Content upon request, but please be aware that due to the social nature of our Service, it may not be possible to completely remove all of your personally identifiable User Content if, for example, that content has been stored, republished, or reposted by another user or a third party.
- Take Your Data (Data Portability). You can download a copy of your content in a machine-readable format as through the settings feature of your account. You can also ask us for a copy of personal data you provided to us.
- Consents (Right to withdraw a consent). In case the processing is based on a consent granted by the User, the User may withdraw the consent at any time. Withdrawing a consent may lead to fewer possibilities to use the Services. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
- How to use your rights. The abovementioned rights may be used either directly in the Service (as described above) or by sending a letter or an e-mail to us on the addresses set out above, including the following information: the full name, e-mail address and a phone number. We may request the provision of additional information necessary to confirm the identity of the User. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
5. HOW WE PROCESS YOUR INFORMATION
- Security. ThingLink cares about the security of your information and uses commercially reasonable physical, administrative, and technological safeguards to preserve the integrity and security of all information we collect and that we share with our service providers. Personal data and backups are stored in protected databases located behind a firewall and with both physical and software-based access controls. However, no security system is impenetrable, and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
6. IMPORTANT NOTICE
7. PROCESSING OF DATA REGARDING CHILDREN
8. TRANSFERRING YOUR DATA
10. CONTACT AND LODGING A COMPLAINT
Have questions or concerns about ThingLink, our Services, and privacy? Contact us at info@ThingLink.com.
In case the User considers our processing of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged with the local supervisory authority for data protection.
Personal Information we collect from kids under 13.
When a user creates a ThingLink account, we may ask for name, email address, a description of your role when using the Service, and password and a birth date. Children may only access the Services at the direction of their teacher or school district when their teacher or school has subscribed to the Service and enabled the option for their students to join the Service. In this case, the school or another institute shall be a data controller and shall be responsible for the processing of personal data, including the collection of parental consents when necessary.
Information collected through cookies and other technology.
How we use and share information collected from kids.
We use this information to operate, maintain and provide the functionality of the Service and to communicate with the kid and the parent about activities on the Service. We may also send Service-related emails (e.g., account verification, changes or updates to features of the Service, technical and security notices). Registered users cannot opt-out of Service-related emails.
Our Service generally permits users to connect with others on the Service and to share information with others. Members under 13 have restricted sharing capabilities, though a kid under 13 may be permitted to share information in the following manner:
- With the kid’s teacher(s).
- Kids are able to use some of the sharing functions, but kids under 13 are not permitted to share their information publicly on the Service.
In addition, we may share a kid's personal information with:
- Other companies owned by or under common ownership as ThingLink, which includes our subsidiaries (i.e., any organization we own or control) or our ultimate holding company (i.e., any organization that owns or controls us) and any subsidiaries it owns. These companies will use the personal information in the same way as we can under this Policy;
- Third party vendors, consultants, contractors and other service providers that perform services on our behalf, in order to carry out their work for us, which may include content or service fulfillment, accounting, or providing analytics services;
We may also share information with others in an aggregated and anonymous form that does not reasonably identify any user, including our kid users, directly as an individual.
Processing of kids’ personal data.
Where the Service is used by a child for educational purposes, the educational institution decides the purposes and means of processing and therefore acts as a data controller. The educational institution is responsible for the processing of kids’ personal data, including the collection of parental consents and informing the parents. At that time, the kid will be able to participate in the Service as permitted by the educational institution.
How parents can access, change or delete information collected from their kids.
A registered user can modify personal data or delete a ThingLink account at any time by visiting the "Account settings" page. A parent or child may contact us at any time by emailing us or by contacting us at the address below to review, change, and/or delete any information we have collected from a kid under 13 as well as to disallow any further collection or use of the child's information. We will take steps to verify the identity of anyone requesting personally identifiable information about a child and to ensure that the person is in fact the child's parent or legal guardian. You can also contact the relevant teacher or school organization if you wish to delete the data.
11. COPPA COMPLIANCE
12. FERPA COMPLIANCE