Updated June 28, 2022
- What information we collect and why we collect it.
- How we use that information and when we disclose it.
- Your rights regarding that information, including how to access and update your information.
- The steps we take to protect your information.
Scope & Applicability:
This Privacy Statement does not apply to Personal Information arising from Skedulo’s employment-related activities. Except to the extent that a third party provides services on our behalf (e.g. external vendors, contractors, etc.), this Privacy Statement also does not apply to the practices of third parties to which we may link or otherwise refer you, such as consultants, security testing firms, audit firms, and other vendors.
If you have any questions or concerns about this Privacy Statement or about our privacy or data security practices, please contact us at [email protected].
- Account means a unique account created for You to access our Service or parts of our Services.
- Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to Skedulo, 800 Market St 4th Floor, San Francisco, CA 94111.
- Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
- Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
- Personal Data means information from or about you that identifies you directly and information that is associated with you and thus could potentially identify you, including when combined with other information from or about you.
- Sensitive Personal Information includes data about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union memberships, genetic and biometric data when used for identification purposes, and data about health, sex life, and sexual orientation.
- Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
- You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
Types of Personal Information Collected:
- Names (First Name and Last Name)
- Address, State, Province, ZIP/Postal code, City
- Email address(es)
- Telephone number(s)
- Device identifiers (e.g. IP address, location, browser type, and language)
- Usage Data
- User IDs and passwords
- Business contact information (e.g. names, email addresses, business addresses, telephone numbers, company name or business affiliation, and title)
- Personal information that you choose to share within our user communities and Payment card and financial account information
This Privacy Statement explains:
- What information we collect and why we collect it.
- How we use that information and when we disclose it.
- Your rights regarding that information, including how to access and update your information.
- The steps we take to protect your information.
Collecting and Using Your Personal Data:
Information Provided to Us Voluntarily:
Content: We collect and store content that you create, input, submit, post, upload, transmit, or store while using our Services. Such content may include any personal or other sensitive information submitted using our Services, such as Regulated Data: HIPAA protected health information, EU personal data, and other information such as source code or regulatory compliance materials.
Other Submissions: We collect other data that you may submit to our Services or to us directly, such as when you request customer support or communicate with us via email or social media sites.
Information Collected Automatically When You Use Our Services:
Web Logs and Analytics Information: We record certain information and store it in log files when you interact with our Services. This information may include Internet protocol (IP) or other device addresses or ID numbers as well as browser type, Internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information that you search for, your locale and language preferences, your mobile carrier, and system configuration information. We and our analytics providers also collect and store analytics information when you use our Services to help us improve our Services.
Information Collected from Other Sources:
Information from Third Parties: We may obtain information, including Personal Information, from our business partners and service providers. This information includes, but is not limited to, information that we receive from our direct marketing providers, product referrals, and other interactions. We also may combine information we receive from third parties with other information we collect from you through our Services as described in this Privacy Statement. If we use this information to provide you with opportunities that we think may be of interest to you, you will have the ability to inform us that you do not wish to receive such offers, and you may unsubscribe from our marketing and other email communications by clicking on the link in the email, sending an email to [email protected], or accessing your user account and changing your distribution preferences.
Information Provided by Other Individuals: While using our Services, individuals may provide information about another individual, or an authorized user (such as an account administrator) creating an account on your behalf may provide information about You. When one individual provides us with information (including Personal Information) about another individual, we assume that the individual has permission and authority to do so and to consent on behalf of that individual to the collection and use of Personal Information as described in this Privacy Statement. Please contact us immediately at [email protected] if you become aware of an individual providing us with Personal Information about another individual without being authorized to do so, and we will act consistently with this Privacy Statement.
Information Received About You from Our Customers: Our customers and their designated users use our Services to develop, establish, implement, and maintain secure application and database deployment environments for processing sensitive data, including Personal Information and sensitive Personal Information. While using our Services, our customers may create, input, submit, post, upload, transmit, or store Personal Information that they have collected from individuals. During the course of our business relationship, we may need to access a customer’s account and the information it contains to provide support for our Services.
Our customers and prospective customers are responsible for complying with all applicable federal, state, local, and international laws and regulations regarding notice, disclosure, consent, and transfer of Personal Information, prior to providing that Personal Information to Skedulo.
In addition, our customers and prospective customers are also responsible for identifying, in the Services agreement or in a related document (such as a HIPAA business associate agreement or GDPR data protection agreement), any additional requirements for protecting, accessing, and handling Personal Information in a particular matter that exceeds the reasonable, risk-based administrative, technical, and physical safeguards that Skedulo would otherwise routinely implement, or that are inconsistent with the collection and use practices identified in this Privacy Statement.
Unlike the other collections of information described in this section, our agreements with customers include specific protections and limitations regarding our access to and use of Personal Information collected by customers, and we do not access, use, copy, retain, or aggregate that customer data except as stated in those agreements.
Use of Your Personal Data
We will not use your Personal Information for anything other than the following lawful purposes. When possible, we will use anonymized data for these purposes, but if we do not, or if we combine it with Personal Information we will treat it in accordance with this Privacy Statement.
- To provide and maintain our Service: including monitoring the usage of our Service, providing customer service and support, communicating with you (e.g. responding to inquiries, questions, and requests regarding our Service), processing and completing transactions (e.g. sending purchase confirmations and invoices), and providing direct marketing, email, and other distributed electronic information.
- To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
- For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.
- To establish and maintain contractual relationships with our customers: This includes establishing relationships with new and existing customers, fulfilling our contractual obligations to current customers, and to enable individuals to access and use our Services.
- To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
- To manage Your requests: To attend and manage Your requests to Us.
- For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.
- To comply with legal obligations: This includes, but is not limited to, complying with tax and financial reporting requirements, demonstrating compliance with the applicable privacy and data security laws and regulations (e.g., HIPAA and GDPR), complying with incident monitoring, reporting, assessment, and notification requirements, and complying with other applicable criminal and civil law and regulatory requirements under federal, state, and international law.
- For other purposes: We may use Your information for other purposes, such as:
- To monitor and analyze trends, usage, and activities in connection with our Services.
- To investigate and prevent fraudulent transactions, unauthorized access to our Services, and other illegal activities.
- To verify compliance with our internal policies and procedures.
- For accounting, recordkeeping, backup, and administrative purposes
- To customize and improve the content of our communications, websites, and social media accounts.
- To educate and train our workforce in data protection and customer support.
- To provide, operate, maintain, improve, personalize, and promote our Services.
- To develop new products, services, features, and functionality.
- To market our products and services (first-party marketing only; we do not provide Personal Information for use in marketing any non-Skedulo, third-party goods or services)
- Evaluating and improving our Service, products, services, marketing and your experience.
- To administer, operate, maintain, and secure our website and Services.
- To fulfill our other legitimate interests to the extent that they are not overridden by individual interests, fundamental rights, or freedoms.
Retention of Your Personal Data
We retain your Personal Information only as long as necessary to accomplish the business purpose for which it was collected or to comply with our legal and contractual obligations, and then securely dispose of that information.
Transfer of Your Personal Data
Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.
Disclosure of Your Personal Data
Except to the extent necessary to fulfill our business obligations, to accomplish one of the lawful purposes described in this Privacy Statement, or pursuant to your express instructions, we do not sell, transfer, or otherwise disclose Personal Information that we collect from or about you.
We may share your information in the following ways:
- With Your Express Consent: We will share your Personal Information with companies, organizations, or individuals outside of Skedulo when we have your consent to do so.
- When You Choose to Directly Share Your Information While Using Our Services: When you use our Services, certain features allow you to make some of your content accessible to the public or other users of the Services. We urge you to consider the sensitivity of any information prior to sharing it publicly or with other users.
When Your Account Is Accessed by Your Organization’s Designated Skedulo Administrator: Your Skedulo account owners and administrators may be able to:
- Access information in and about your Skedulo account;
- Disclose, restrict, or access information that you have provided or that is made available to you when using your Skedulo account, including your content; and
- Control how your Skedulo account may be configured, accessed, or deleted.
With our vendors and business partners, to accomplish our business purposes: We may share your information with our service providers and other third parties who perform services on our behalf, listed in our Subvendor Directory. Service providers such as analytics providers may collect information about your online activities over time and across different online services when you use our Services. We also work with third-party service providers to provide the cloud-based tools that our customers use to create their secure storage containers and securely store their sensitive information, including Personal Information.
When Necessary to Comply with Laws and Law Enforcement Requests, or Otherwise to Protect Our Rights or Those of Individuals: We may disclose your information (including your Personal Information) to a third party if:
- We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request;
- To enforce our agreements, policies and terms of service;
- To protect the security or integrity of Skedulo’s products and services;
- To respond to an incident involving personal data for which Skedulo has direct or indirect responsibility
- To protect the property, rights, and safety of Skedulo, our customers or the public from harm or illegal activities;
- To respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person; or
- To investigate and defend ourselves against any third-party claims or allegations.
As the result of a business transition: We may share or transfer your information (including your Personal Information) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will take reasonable steps to assure that any other entity involved continues to comply with the terms of this Privacy Statement. We will notify you of such a change in ownership or transfer of assets by posting a notice on our website.
Sharing aggregated, anonymized, deidentified, or otherwise non-personal data: We may share aggregated, anonymized, deidentified, or otherwise non-Personal Information that does not directly or indirectly identify you and that cannot, with reasonable effort, be used to reidentify you in order to improve the overall experience of our Services. Such aggregated, anonymized, deidentified, or otherwise not re-identifiable information is not Personal Information within the scope of this Privacy Statement.
Your Control Over Your Personal Information
- You may decline to share certain Personal Information with us, in which case we may not be able to provide to you some of the features and functionality of our Services or fulfill your requests. For example, we need your email address to authenticate you and perform account services such as password resets, or to provide you with customer support.
- You may decline to accept cookies, but that decision may affect the functionality and performance of our Services.
- You may update or correct your Personal Information at any time by accessing the account settings page on the website or within our platform.
- You may opt out of receiving promotional communications from Skedulo by using the unsubscribe link within each email. Note that, as long as you maintain an account with us, you will continue to receive administrative messages from us regarding the Services.
- You may request information about, and access to, the personal data that we collect from you.
- You may ask questions or make complaints about our privacy and data security practices with regard to your personal data.
- You may request that we delete information that we have collected about you.
- You may ask us for a copy of the information that we collected from you.
To exercise any of these options, or for additional information about our privacy and data security practices, contact us at [email protected]
Security of Your Personal Data
Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. That said, Skedulo employs a variety of organizational, technical and administrative measures to provide a level of security appropriate to the risk associated with the Personal Information you entrust us with.
To that end, we manage our data protection program consistent with ISO 27001, SOC 2, NIST SP 800-53, and applicable legal and regulatory requirements such as HIPAA and GDPR.
- Skedulo’s current SOC 2 Type 2 report and HIPAA/HITECH Validated Assessment Report are available under NDA to customers only. To obtain a copy of the report, please contact [email protected]
For more information, please refer to our Security Policy for more details.
Skedulo protects Personal Information under its control, and requires its service providers (see our Subvendor Directory) to also protect against, accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to, personal data transmitted, stored, or otherwise processed.
If you have concerns about the security of your information with Skedulo, please contact us immediately at [email protected] to report an issue.
Our Services are not directed to individuals under 16. We do not knowingly collect Personal Information from children under 16. If we become aware that a child under 16 has provided us with Personal Information, we will take steps to delete such information. If you become aware that a child has provided us with Personal Information, please contact us at [email protected]
California Privacy Rights
These additional disclosures are required by the California Consumer Privacy Act and are effective as of February 9, 2021:
- Categories of personal information collected. The personal information that we may collect, or may have collected from consumers in the preceding twelve months, fall into the following categories established by the California Consumer Privacy Act, depending on how you engage with the Skedulo Services and Offerings:
- Identifiers, such as your name, alias, address, phone numbers, or IP address;
- characteristics of protected classifications under California or US federal law, such as age or gender, for example if we conduct user surveys or analysis;
- commercial information, such as purchase activity;
- Internet or other electronic network activity information, including content interaction information, such as content downloads, streams, and playback details;
- geolocation data, such as the location of your device or computer, for example if you enable location services to enhance your experience through event applications we offer;
- audio, visual, electronic or other similar information, including when you communicate with us by phone or otherwise;
- professional or employment-related information, for example data you may provide about your business and;
- inference data, such as information about your preferences.
- Categories of personal information disclosed for a business purpose. The personal information that we may have disclosed about consumers for a business purpose in the preceding twelve months fall into the following categories established by the California Consumer Privacy Act, depending on how you engage with the Skedulo Services and Offerings:
- Identifiers, such as your name, address, or phone numbers;
- your age, gender, or other protected classifications under California or US federal law, for example if we conduct user surveys or analysis using a third party service provider;
- commercial information, such as the details of a product or service you purchased if a third party service provider is assisting to provide that product or service to you;
- Internet or other electronic network activity information, such as if we use a third party service provider to help us gather reports for analyzing the health of our devices and services;
- audio, visual, electronic or other similar information, for example if a third party service provider reviews recordings of customer support phone calls for quality assurance purposes.
California Civil Code Section 1798.83 permits Skedulo customers who are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please contact us at [email protected]
Information for International Users
Our Services are primarily hosted in the United States, Canada, and Australia, but we can provision our services in other regions of the world. You may choose to use our Services in non-U.S. regions, such as the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law. Please note that when you use our Services, you are transferring your information outside of those regions to the United States for storage and processing. By providing your information, you consent to any transfer and processing in accordance with this Policy.
Asia-Pacific Economic Cooperation (APEC) Privacy Framework
European Union (EU), European Economic Area (EEA) and Switzerland Privacy
If you are based in one of these jurisdictions, Skedulo is the controller of your personal data collected in the following instances:
- When you visit our website https://www.skedulo.com
- When you use the Skedulo services
- When we process your personal data for sales and marketing purposes
Skedulo is a processor of all personal data processed on the application, on behalf of our clients. We only process the personal data under their direction. Please contact your employer or the organization that granted you access to the application for details on their privacy practices.
We only process personal data if we have a lawful basis for doing so. The lawful bases applicable to our processing as controller are:
- Consent: We will ask for your express and informed consent every time we collect your personal data on this legal basis.
- Contractual basis: We process the personal data as necessary to fulfill our contractual terms with you or our clients.
- Legitimate interest: We process the names, contact details, job titles, companies of our existing and prospective clients for our marketing purposes, including market research and sales leads generation.
You have the following rights under the GDPR:
- Being informed about the collection and use of your personal data.
- Accessing your personal data.
- Correcting errors in your personal data.
- Erasing your personal data.
- Objecting to the processing of your personal data.
- This right is also available to individuals whose personal data is processed by us for direct marketing purposes. If you object to the processing of your personal data for direct marketing purposes, we shall stop processing within 30 days of receipt of your request.
- Exporting your personal data.
- Restricting our processing of your personal data for specific reasons, including any of the purposes supported by the legitimate interest legal bases (see the section above).
Transferring information outside the EEA
Skedulo processes personal data in the EU and shares it with our service providers in other jurisdictions. When information controlled by Skedulo is transferred or transmitted to, or stored and processed in, the United States or other countries outside of the European Economic Area (EEA), we safeguard your information by using the following:
- Standard Contractual Clauses: We utilize standard contractual clauses as the data transfer mechanism of transferring EU data to countries subject to data transfer requirements.
If you have any questions about Skedulo’s standard contractual clauses, you may contact us at [email protected]
You may also lodge a complaint with your local supervisory authority, EU Data Protection Authorities (DPAs) or Swiss Federal Data Protection and Information Commissioner (FDPIC). See their contact details here National Data Protection Authorities.
Changes to this Privacy Statement
We may change this Privacy Statement from time to time. If we make any changes, we will notify you by revising the version and date at the top of this Privacy Statement and, in some cases, where appropriate we may provide you with additional notice (such as adding a statement to the log-in screen or sending you an email notification). You can also follow the changes to this document here.
Your continued use of our Services after the revised Statement has become effective indicates that you have read, understood, and agreed to the current version of this Statement.
Please contact us with any questions or comments about this Statement, your Personal Information, our use and disclosure practices, or your consent choices by email at [email protected]