Terms of use

What’s processed and why?

We process the following information to provide, improve, and protect our Services:

Information You Provide

• Account and Profile Information

• You can browse our site without providing personal information, but you must register in order to access most of the features of Service. The information we process related to your user account and user profile depends on how you use the Service and what information you provide, but includes data such as your name, email address, data you include in your profile, a description of your purpose when using the Service (business or education), your industry if you are using the Service for business purposes, your role (for example, teacher or student) and your educational institution name, if you’re using the Service for educational purposes.

• Payment and Billing Information

• We process credit card or payment information for paid subscriptions through our service providers specializing in handling such information. ThingLink does not store your credit card data.

• Content Information

• Our Service is designed to make it simple for you to upload, store, share, and collaborate on engaging visual materials and other content across multiple devices (“User Content”). To make that possible, we store, process, and transmit files and other content that you choose to upload, create, or add to the Service, such as images, videos, audio recordings, documents, text, and other materials. We also process information related to User Content, such as file size, upload time, sharing settings, collaborators, usage activity, and limited account or profile information needed to enable authorship, collaboration, and sharing features. Our Service provides you with different options for sharing your User Content. You may include personal information about yourself or others in User Content. For example, if you create an immersive image that includes biographical information about you or someone else, we will have that information, and so will anyone with access to that User Content if you choose to share or publish it.

• Messages and other Communications

• You may also provide us personal information when you communicate with us, such as by responding to surveys, communicating with our sales, engineering or support teams about the Service or a question regarding the Service, or post a question about your User Content in our public forums.

Information We Collect Automatically:

• Device Information

• Like most online service providers, we collect information that web browsers, mobile devices, and servers typically make available, such as the browser type, IP address, unique device identifiers, language preference, the date and time of access, operating system, and mobile network information. We collect log information when you use our Service, for example, when you create or make changes to your User Content.

• Usage Information

• We collect information related to how you use the Service, including actions you take in your account (like sharing, editing, viewing, and moving files or folders). We use this information to improve our Service, develop new services and features, and protect ThingLink users.

• Location Information

• We may derive and store country-level location information from your IP address. We use this information, for example, to understand from which countries our Service is accessed. We do not geotrack users and we do not collect or store precise location data from your device. If you upload or share media files that contain location metadata, we may process that metadata as part of the file content. In this context, any “precise location” information refers only to location metadata embedded in media files.

• Cookies and Similar Technologies

• We use technologies like cookies and pixel tags to provide, improve, protect, and promote our Service. These technologies convey information to us about how you use the Service (e.g., the pages you view, the links you click, how frequently you access the Service, and other actions you take on the Service), and allow us to track your usage of the Service over time. You can set your browser to not accept cookies, but this may limit your ability to use the Service. Similarly, we may employ web beacons which are used to anonymously track your usage patterns on the Service, or place clear gifs in HTML-based emails we send you to track which emails are opened and which links you click. This information allows for more accurate reporting and improvement of the Service. For a detailed listing of what cookies we use and how we use them, please read our Cookie Policy.

Information We Collect from Other Sources:

• Information We Receive from Other Sites

• We allow Users with certain third-party accounts (for example, users who have Google, Microsoft or Clever accounts) to authenticate on the Service using those third-party accounts. If you create or log into your account on the Service through another third-party service, we will receive information from that service (such as your username and other basic profile information) via the authorization procedures used by that service. The information we receive depends on which services you authorize and any options that are available. You should always review, and if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our website or Service.

• Information received through YouTube API Services

• In certain cases, ThingLink uses YouTube API Services to help you create your content. If you are using YouTube content on our platform, you are agreeing to be bound by the YouTube Terms of Service and Google Privacy Policy. ThingLink does not receive user information from YouTube. The YouTube API Services are used to receive information about YouTube audiovisual content, such as width, height, title, duration, description and other parameters.

Purposes for Collecting this Information

We use information about you as mentioned above and for the purposes listed below:

• To provide you the Service, including for example, hosting your User Content and billing you for the Service;
• To maintain, monitor, and improve the Service by adding new features, sharing new use cases, or making the Service easier to use;
• To monitor and analyze trends and better understand how you interact with our Service;
• To prevent problems with our Service, protect the security of our Service, detect fraudulent transactions and other illegal activities, fight spam, and protect the rights and property of ThingLink and others;
• To personalize your experience using our Service, remember your preferences on the Service so that you will not have to re-enter it during your visit or the next time you use the Service, target our marketing messages to groups of our Users (for example, those who have a particular plan with us or have been our user for a certain length of time), to serve relevant product marketing. For the purposes of this Privacy Policy, product marketing means product notifications, updates and examples of use or community messages. When we process personal data for the purposes of targeting product marketing, we use user groups, and marketing materials are altered depending on the account type. We do not use personal data of students for the purposes of targeted marketing or advertisements; and
• To communicate with you, for example through an email, about offers and promotions offered by ThingLink and others we think will be of interest to you, solicit your feedback, or keep you up to date on what we’re up to and our products. We give users the option to use some of our Services free of charge. These free Services are made possible by the fact that some users upgrade to one of our paid Services. If you register for our free Services, we will, from time to time, send you information about upgrades when permissible. For further information on your choices regarding your choices with regard to the use of your information for marketing purposes, see “Your Choices Regarding Your Information” below.

We do not use your personal data for automated decision-making.

Legal basis for collecting and using information

• We collect and use the personal data described above based on the following grounds:
• The use is necessary in order to fulfill our commitments to you under our Terms of Use or other agreements with you or is necessary to administer your account, for example, in order to enable access to our Service on your device or charge you for a paid subscription; or
• Processing of personal data is necessary for compliance with a legal obligation; or
• We have a legitimate interest in using your information, for example, to run, maintain, develop and promote our business, to provide and update our Service, to improve our Service so that we can offer you an even better user experience, to safeguard our Service, to communicate with you, to measure, gauge, and improve the effectiveness of our advertising, and better understand user retention and attrition, to monitor and prevent any problems with our Service, and to personalize your experience. We may also process personal data for our legitimate interest to create and maintain customer and other business relationships and whilst fulfilling our contractual obligations towards our organizational customers; or
• You have given us your consent, for example before we place certain cookies on your device and access and analyze them later on, as described in our Cookie Policy.

When choosing to use your data on the basis of our legitimate interests, we weigh our own interests against your right to privacy and e.g. provide you with easy to use opt-out from our marketing communications and use pseudonymized or non-personally identifiable data when possible.

Disclosure of personal data

We won’t transfer information about you to third parties for the purpose of providing or facilitating third-party advertising to you. We won’t sell information about you either. We may share your personal information in the limited instances described below. For further information on your choices regarding your information, see “Your Choices Regarding Your Information.”

• Other ThingLink companies

• We may share your personal data with other ThingLink companies who take part in providing the Services.

• Others Working For or With ThingLink

• We may share your personal data with others working for or with ThingLink who help us provide the Services.

• Other Users

• Our Services display information like your name, profile picture, and profile description to other users in places like your user profile and sharing notifications. You can control what data you choose to share from the Services. For our student users, this profile data is displayed only to users belonging to the same organization. You can also share your User Content with other users if you choose. When you register your ThingLink account with an email address on a domain owned by your employer, educational institution, or organization, we may help collaborators and administrators find you and your team by making some of your basic information, like your name, team name, profile picture, and email address, visible to other users on the same domain. This helps you sync up with teams you can join and helps other users share files and folders with you.

• Third Parties at Your Request

• Certain features let you make additional information available to the public. You may have the option to share your ThingLink activities or your User Content with your friends, or through email, SMS text, or various social media sites or on your blog or website. Public information may also be indexed by search engines or used by third parties. Please keep all of this in mind when deciding what you would like to share.

• Third Party Embeds

• Some of the content that you see displayed on the Service is not hosted by ThingLink. These “embeds” are hosted by a third-party and embedded in the Service. For example: YouTube or Vimeo videos, Imgur or Giphy gifs, SoundCloud audio files, Twitter tweets, GitHub code, or Scribd documents that appear on our website, or within User Content on the Service. These files send data to the hosted site just as if you were visiting that site directly (for example, when you load a ThingLink webpage with a YouTube video embedded in it, YouTube receives data about your activity). ThingLink does not control what data third parties collect in cases like this, or what they will do with it. So, third-party embeds on the Service are not covered by this privacy policy. They are covered by the privacy policy of the third-party service.

• Company Transactions

• Other parties in connection with any company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by another company or third party or in the event of bankruptcy or related or similar proceedings. Your information, including user names and email addresses, User Content, and other user information may be among the items sold or otherwise transferred in these types of transactions. In this case, we will continue to ensure the confidentiality of all personal data. We will give notice to all the Users concerned when the personal data are transferred or become subject to a different privacy statement, as soon as reasonably possible; and

• Law & Order and the Public Interest

• Third parties as required to (a) satisfy any applicable law, regulation, subpoena/court order, legal process or other government request, (b) enforce our Terms of Use Agreement, including the investigation of potential violations thereof, (c) investigate and defend ourselves against any third party claims or allegations, (d) protect against harm to the rights, property or safety of ThingLink, its users or the public as required or permitted by law and (e) detect, prevent or otherwise address criminal (including fraud or stalking), security or technical issues.

• Aggregated and De-Identified Information

• We may share information that has been aggregated or de-identified. In this case, the personal data is permanently anonymized so that no personally identifiable data is shared. For instance, we may publish aggregate statistics about the use of our Service.

Your choices and rights regarding your information

• Account Data (Right to Access)

• You have the right to inspect the personal data we have stored about you in the ThingLink User Register either via the Service (if we, in our sole discretion, offer such functionality) or by requesting it in writing from ThingLink. You have the right to access and be informed about your personal data processed by us. You may contact us and request a copy of your personal data. You can also choose not to provide the optional account information, profile information, and transaction and billing information. Please keep in mind that if you do not provide this information, certain features of our Services, for example, paid, premium Services, may not be accessible.

• Limit Access to Information On Your Mobile Device

• Your mobile device operating system should provide you with the ability to discontinue our ability to collect location information via our mobile apps. If you do so, you may not be able to use certain features (like adding a location to a photograph, for example).

• Access to Data Controlled by Our Users

• ThingLink has no direct relationship with the end users (usually students or employees) of our Users, whose personal information is contained within the personal data processed by our Services.

• Marketing Communications

• We or a third party will obtain your consent before sending you electronic direct marketing. If you do not wish to receive promotional emails, you can click the “unsubscribe” button on promotional email communications. If you opt out of promotional messages, we may still send you other messages, like those about your account and legal notices.

• Close Your Account (Right to erasure)

• Individual users may close their accounts through the platform and delete certain information from within their accounts. Users accessing the Service through an organization account may need to contact their administrator or organization to exercise their right to erasure, as the organization is the controller of the relevant personal data. We may retain certain information after account closure as described in How We Store Your Information below, including where reasonably necessary to comply with legal obligations, respond to lawful requests, enforce our agreements, resolve disputes, or protect our legitimate business interests.

• Take Your Data (Data Portability)

• You can download a copy of your content in a machine-readable format as through the settings feature of your account. You can also ask us for a copy of personal data you provided to us.

• Consents (Right to withdraw a consent)

• In case the processing is based on your consent, you may withdraw the consent at any time. Withdrawing a consent may lead to fewer possibilities to use the Services. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

• How to use your rights

• The abovementioned rights may be used either directly in the Service (as described above) or by sending a letter or an e-mail to us on the addresses set out above, including the following information: the full name, contact e-mail address, and the email address associated with the account. We may request the provision of additional information necessary to confirm the identity of the User. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.

How we process your information

Processing of data regarding children

In some instances, children may use the Service and personal data of children may be collected to the Service. We take many special precautions to protect the privacy of children under 13. Children may only access the Services at the direction of their teacher or school district when their teacher or school has subscribed to the Service and enabled the option for their students to join the Service. In this case, the school or another institute shall be a data controller and shall be responsible for the processing of personal data, including the collection of parental consents when necessary. Please see our Kid’s Privacy Policy to learn more about how we protect the privacy of our users who are under 13 years of age.

Transferring your data

Because the Services are offered worldwide, the information about you that we process when you use the Services in the EU may be used, stored, and/or accessed by individuals operating outside the European Economic Area (EEA) who work for us, other members of our group of companies, or third party data processors. When your personal data is processed by entities outside the EEA, we will take appropriate measures to ensure that the recipient protects your personal information adequately in accordance with this Privacy Policy as required by applicable law. These measures include, in the case of entities based in other countries outside the EEA, entering into European Commission approved standard contractual arrangements with them or using another method , that ensures an adequate level of protection of personal data in a third country.

You can ask us for more information about the steps we take to protect your personal information when transferring it from the EU by contacting us by using the contact details set out in this Privacy Policy.

Processing of data regarding children

In some instances, children may use the Service and personal data of children may be collected to the Service. We take many special precautions to protect the privacy of children under 13. Children may only access the Services at the direction of their teacher or school district when their teacher or school has subscribed to the Service and enabled the option for their students to join the Service. In this case, the school or another institute shall be a data controller and shall be responsible for the processing of personal data, including the collection of parental consents when necessary. Please see our Kid’s Privacy Policy to learn more about how we protect the privacy of our users who are under 13 years of age.

Updates to this privacy policy

We reserve the right to modify this Policy from time to time. If we make any changes to this Privacy Policy, we will change the “Last Updated” date at the top of this page and will post the updated Privacy Policy on this page.

Contact and lodging a complaint

Have questions or concerns about ThingLink, our Services, and privacy? Contact us at info@thinglink.com.

In case you consider our processing of personal data to be inconsistent with the applicable data protection laws, you may lodge a complaint with the local supervisory authority for data protection. As a Finnish company, ThingLink is supervised by the Finnish Data Protection Ombudsman (https://www.tietosuoja.fi/en).

ThingLink’s Kids Privacy Policy

We recognize that from time to time we may have children under 13 use the site under the supervision of a parent or an educational institution acting as an agent of their parent. When that happens, we take additional precautions to protect the privacy of children under 13. This Kid’s Privacy Policy is designed to inform how we process personal data of children, in addition to the information provided in our general Privacy Policy. The controller for this processing is the educational institution, and the following information is provided by ThingLink to supplement the privacy policies of the educational institution in question.

Processing of kids' personal data

Where the Service is used by a child for educational purposes, the educational institution decides the purposes and means of processing and therefore acts as a data controller. The educational institution is responsible for the processing of kids' personal data, including the collection of parental consents and informing the parents. At that time, the kid will be able to participate in the Service as permitted by the educational institution.

Personal Information we collect from kids under 13.

When a user creates a ThingLink account, we may ask for name, email address, a description of your role when using the Service, and password. Children may only access the Services at the direction of their teacher or school district when their teacher or school has subscribed to the Service and enabled the option for their students to join the Service. In this case, the school or another institute shall be a data controller and shall be responsible for the processing of personal data, including the collection of parental consents when necessary.

Information collected through cookies and other technology.

We automatically collect certain types of usage information when a kid uses our Service. For example, we may collect an IP address, browser type, information about the kid’s mobile device, and other information. This data is collected using technologies such as cookies, web beacons and other unique identifiers. This information may be collected by ThingLink or by third parties. To learn more about this type of data, see “What is collected and why” in our general Privacy Policy. We use this information to remember information so that the kid will not have to re-enter it during a later visit; provide custom, personalized content, monitor site analytics, and improve our service. We do not permit third party behavioral advertising on our site. We do not target any advertisements or product marketing to children. Kids will not receive any marketing or promotional messages via our Service, as long as they have signed up for a correct account type, i.e. if they have signed up as a student.

How we use and share information collected from kids.

We use this information to operate, maintain and provide the functionality of the Service and to communicate with the kid and the parent about activities on the Service. We may also send Service-related emails (e.g., account verification, changes or updates to features of the Service, technical and security notices).

Members under 13 have restricted capabilities for sharing information on the Service, and a kid under 13 may only share information in the following manner:

• With the kid's teacher(s).
• No public sharing is allowed for kids under 13, and only some of the sharing functions are available.

In addition, we may share a kid’s personal information with:

• Other companies owned by or under common ownership as ThingLink taking part in providing the Service. These include our subsidiaries (i.e., any organization we own or control) or our ultimate holding company (i.e., any organization that owns or controls us) and any subsidiaries it owns. These companies will use the personal information in the same way as we can under this Policy;
• Third party vendors, consultants, contractors and other service providers that perform services on our behalf, in order to carry out their work for us, which may include content or service fulfillment, accounting, or providing analytics services;
• Third parties as reasonably necessary to (i) satisfy any applicable law, regulation, subpoena/court order, legal process or other government request, (ii) enforce our Terms of Use Agreement, including the investigation of potential violations thereof, and/or (iii) investigate and defend ourselves against any third party claims or allegations, (iv) to exercise or protect the rights, property, or personal safety of ThingLink, our Users or others.

We may also share information with others in an aggregated and anonymous form that does not reasonably identify any user, including our kid users.

How parents can access, change or delete information collected from their kids.

Where a child uses ThingLink through a school, school district, or other educational institution, the educational institution is the controller of the child’s personal data. Parents or legal guardians who wish to review, change, delete, or restrict further use of personal data processed in that context should contact the relevant teacher, school, school district, or educational institution. ThingLink will assist the educational institution in responding to such requests in accordance with our contractual obligations and applicable law.

If a child under 13 has created or used a ThingLink account outside the direction of a school, school district, educational institution, or parent/legal guardian, a parent or legal guardian may contact us at info@thinglink.com to request review, correction, deletion, or discontinuation of further collection or use of the child’s information. We will take reasonable steps to verify the identity and authority of the person making the request before disclosing, changing, or deleting personal information relating to a child. If we determine that we have collected personal information from a child under 13 without appropriate consent or authorization, we will take steps to delete that information or otherwise handle it as required by applicable law.

COPPA compliance

Some users of the Service may include young children. We take many special precautions to protect the privacy of children under 13. The Children’s Online Privacy Protection Act (COPPA) protects children under the age of 16. Children may only access the Services at the direction of their teacher or school district by using an invitation code provided to them by their teacher or educational institution. School officials and teachers are authorized under COPPA to provide consent on behalf of parents; therefore, ThingLink does not obtain parental consent directly from parents of children who are using the Service. A teacher or school district official provides consent for a child under the age of 13 to use the Service when they create an account on the Service for that child. Please see the ‘ThingLink’s Kid’s Privacy Policy’ above to learn more about how we protect the privacy of our users who are under 13 years of age.

FERPA compliance

The Family Educational Rights and Privacy Act (FERPA) provides parameters for what is permissible when sharing student information. ThingLink is authorized by schools and districts under the FERPA “school official” exception to receive and use educational data to provide educational services. This data has significant educational value; apart from enabling the creation of accounts with which students access the Service, the data allows teachers to track student activity and assess student performance. This information is used only for academic purposes. We do not collect data for collection’s sake, and access is limited and appropriate. For specific information regarding our data handling practices with regard to student data, please refer to our ‘Kid’s Privacy Policy’ above.