Last revised on November 14, 2024, effective as of November 30, 2024
We are committed to protecting our visitors’ and members’ privacy. This Privacy Policy explains what personal and other data of yours will be collected by Databox on its website (databox.com) and our web applications, how the information will be used, and how you can control the collection, use, correction and/or deletion of your information. We will not use or share your information with anyone except as described in this Privacy Policy.
The “Company”, “Databox”, “us”, “we” or “our” refers to Databox Inc., the owner and sponsor of the website and web applications, is a company incorporated in the State of California, USA.
This Privacy Policy is incorporated into and subject to our Terms of Service. BY USING OUR WEBSITE / WEB APPLICATIONS, YOU AGREE TO THE TERMS OF THIS PRIVACY POLICY.
Please review this Privacy Policy carefully so that you understand our privacy practices. If you do not agree to any of these practices, your remedy is not to use the website or web applications.
Information you provide to us – You provide us information about yourself, such as your name, telephone number (business or mobile), email address (business) and company affiliation, such as when you register with us (described below), complete our webform to sign up for a demonstration or otherwise contact us. If you correspond with us by email, by phone or via the website, we may retain the content of your messages, your email address or phone number and our responses.
Registration on our website – Individuals accessing our web applications are asked to register (sign up for a free/paid account) via our website. When you register, you will be asked to provide some limited personal data: your name, company affiliation and company email address. Also required is a unique password to access your account. (Please do not share your password with anyone.)
When you register and set up an account, and upon accessing our web applications, you will be asked to confirm your associated Profile Settings, which includes such information as how you wish to be contacted.
You can also register and create an account through Google. Personal data you have provided to Google will be made available to us to set up your account. When you sign up for an account with us through Google, you are agreeing to this Privacy Policy and our Terms of Service.
We do not collect “sensitive” or “special” categories of personal data.
User content – There may be public areas of the website or web applications where users can post messages, participate in public bulletin boards. Rules for posting user content is governed by our Terms of Service.
Information you provide automatically – When you access the website, we automatically collect certain personal and other information regarding, for example, the device you are using and how you interact with the website and web applications. Collected information may specifically include: (1) the browser types and versions used, (2) the operating system used by your device, (3) the website from which access our website (so-called referrers), (4) the sub-websites, (5) the date and time (so-called timestamp) of access to the Internet site, and (6) the Internet protocol address (IP address) associated with your device. We will store this information in server log files. We also automatically collect information about your use of the website and web applications, such as web requests, number of clicks, domain names, pages viewed and the amount of time spent on particular pages.
This information is needed to (1) deliver the content of our website and web applications correctly, (2) optimize the content of our website and web applications, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.
In addition, tracking information is collected as you navigate through our website or web applications. To help us serve your needs better, we use “cookies” to store and sometimes track user information. A cookie is a small amount of data that is sent to your browser from a web server and stored on your device’s hard drive. Cookies can be disabled or controlled by setting a preference within your browser. You may also be able to delete or opt out of cookies. Please see our Cookies Policy for more information.
In addition, log file information is automatically reported by your browser each time you access a web page. When you register with or view our website or web applications, our servers automatically record certain information that your browser sends whenever you visit any website.
Databox also analyzes anonymously collected data and statistics to improve your experience and to ensure and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by users.
Online Newsletter – The Databox newsletter, which is distributed via email, contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such emails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, Databox may see if and when an email was opened by the recipient and which links in the email were called up (clicked on).
Company Information – You may provide other information about you and your company, such as your role, industry, company size, annual revenue, etc. Such information is securely stored and might be used for benchmarking and other targeting purposes. Databox may collect such information with the help of third-party sub-processors, to ensure a better experience and profiling. You may update or correct such information, at any time, by logging in to your account.
This personal data will not be passed on to third parties. You can elect to opt out of receiving our online newsletter at any time by clicking on the “Unsubscribe” link at the bottom of our emails or by contacting us directly at compliance@databox.com.
Databox may use your data to calculate and provide benchmarking services. The data collected for participation in the benchmarks ecosystem shall, at any time, be anonymized and removed from any personal or sensitive information.
In addition, to ensure anonymity, benchmarks shall be calculated and available only, if Databox has at least 10 different sources of data within the selected cohort.
You may, at any time, decline to participate in benchmarks, by logging in to your account and opting-out.
In general, we use the personal data and other information collected to provide you with the best possible experience when using the Databox website and web applications. This information also helps us understand who uses our products, how to improve our services, to provide our help desk services, to contact you for customer service and billing purposes, and to facilitate the delivery of Databox marketing information about our products and services.
We use the personal data you submit to operate, maintain, and provide to you the features and functionality of our products and services. Any personal data or user content that you voluntarily disclose by posting to Databox may become available to the other users in your account. If you remove user content, copies may remain viewable in cached and archived pages, or if other users have copied or stored your user content.
We will use your registered email address to send you Databox-related notices about products or services you have requested, the status of your account or other administrative or technical information, including any notices required by law. We may also use your email address to send you other messages, such as newsletters, changes to features within Databox, or special offers. If you do not want to receive such email messages, you may opt-out at any time from your Profile Settings or by clicking on the “Unsubscribe” link at the bottom of our email. You can also opt out of receiving our marketing messages by contacting us at compliance@databox.com.
We do not share your email or other personal data with third parties for their marketing activities.
In our efforts to refine our advertising strategies and provide our customers with the most relevant and effective online experiences, it is necessary to collaborate with third-party advertising platforms. To this end, we may share hashed, anonymized data (e.g., email addresses and non-app-based website interactions) with recognized third-party services such as Google, LinkedIn, and Meta (Facebook). This data sharing enables us to enhance our retargeting campaigns, ensuring that our advertisements are optimally tailored to meet the interests and needs of our consumers. Importantly, the data shared is processed in a manner that does not reveal personal identification, maintaining our commitment to customer privacy.
We use cookies, clear gifs, and server log file information to remember information so that you will not have to re-enter it during your visit or the next time you visit the site; provide custom, personalized content and information; monitor the effectiveness of our service; monitor aggregate metrics such as total number of visitors and traffic; diagnose or fix technology problems reported by our users or engineers that are associated with the IP addresses controlled by a specific web company or ISP; and help you efficiently access your information after you sign in. More information about our use of cookies is available in our Cookies Policy.
We may employ independent contractors, vendors and suppliers (collectively, “Outside Contractors”) to provide specific services and products related to the Databox website and our services, such as hosting, customer service, credit card processing and fraud screening, and mailing list hosting. In the course of providing products or services to us, these Outside Contractors may have access to information collected through the Databox website or web application, including your personal data. We require that these Outside Contractors agree to (1) protect the privacy of your personal data consistent with this Privacy Policy and the Terms of Service and (2) not use or disclose your personal data for any purpose other than providing us with the products or services for which we contracted or as required by law.
As you use our website and web applications, you may interact with our business partners. In order to provide you with additional support, your name and email address may be shared with partners.
As we develop our business, we may buy or sell assets or business offerings. Customer and visitor information is generally one of the transferred business assets in these types of transactions. We may also transfer such information in the course of corporate divestitures, mergers, or dissolution.
Databox may disclose personal data where required to do so by law or subpoena or if we believe that such action is necessary to conform to the law, comply with legal process served on us or our affiliates, or investigate, prevent, or take action regarding suspected or actual illegal activities; to enforce our Terms of Service, take precautions against liability, to investigate and defend ourselves against any third-party claims or allegations, to assist government enforcement agencies, or to protect the security or integrity of our site; and to exercise or protect the rights, property, or personal safety of Databox, our users or others.
In addition, we may perform statistical analysis of customer usage in order to measure interest in, and use of, the various parts of the Website, and may share that information in the course of our business, but such shared information shall be in anonymous and/or aggregated form only (statistics, etc.), and will contain no personal data.
Databox does not rent or sell your personal data to others.
California “Shine The Light” – As provided by California Civil Code 1798.83, if you are a California resident, you have the right to receive (a) information identifying any third party company(ies) to whom we have disclosed your personal data to in the past year; and (b) a description of the categories of Personal data disclosed. To obtain such information, please email your request at compliance@databox.com with “California Privacy Rights Request” in the subject line.
If you are a California resident under the age of 18, and a registered user of any website where this policy is posted, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information you have publicly posted. To make such a request, please send an email with a detailed description of the specific content or information to compliance@databox.com. Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.
Do Not Track. Please note that we do not alter our website’s data collection and use practices when we receive a Do Not Track signal from your browser.
California Consumer Privacy Act – The California Consumer Privacy Act (as amended by the California Privacy Rights Act) (together, the CCPA) gives California consumers enhanced rights with respect to their personal data that is collected by covered businesses. This section describes how we collect, use, and share California consumers’ personal data in our role as a business, and the rights applicable to such residents.
We have collected the following statutory categories of personal data in the past twelve (12) months:
The business and commercial purposes for which we collect this information are described in this Privacy Policy in the section, “How We Use Your Information”. The categories of third parties to whom we “disclose” this information for a business purpose are described in the “How We Share Information” section of this Privacy Policy. The period of time for which we retain this information is described in the “Data Security and Retention” section of this Privacy Policy.
Under the CCPA, California consumers have certain rights regarding the personal data we collect or maintain about you. Please note these rights are not absolute, and there may be cases when we decline your request as permitted by law. These rights include:
In some instances, your rights may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights. Depending on your location, and applicable laws, you may have the right to complain to a data protection or other governmental authority about our collection and use of your personal data.
The CCPA also prohibits covered businesses from providing discriminatory treatment to California consumers if they exercise their rights under the CCPA.
If you are a California consumer and wish to exercise any of your CCPA privacy rights, please email us at: compliance@databox.com with proof of your California residency. California consumers can use an authorized agent to submit a request on their behalf. We may request proof that the consumer gave the agent signed permission to submit the request.
We will confirm receipt of your request within 10 business days. We must provide the requested information or delete or correct your personal data within 45 days of receipt of your request, but we can use up to an additional 45 days if we let you know that additional time is needed.
Before responding, we must verify that the person making the request is the person about whom we have collected their personal data. We may ask you to provide certain, limited personal data, such as your name and email address to verify and match your identity with our records and systems. If you have an account with us, we may ask that you verify your identity through our account authentication process. This is also to protect against fraud. We will not retain this personal data or use it for any other purpose.
Also please be advised that we need to search our records and systems only for the preceding 12 months. There may be cases where we do not have any personal data about you or we are not able to verify your identity for matching purposes.
In providing its services to its clients, Databox may be considered a “service provider” for purposes of the CCPA. Databox may also use the services of third parties that may also be considered “service providers” under the CCPA. To the extent requested by our clients, we will assist with responding to requests from California consumers regarding their privacy rights under the CCPA. If we receive a request from a California consumer to know or to delete what personal data we collect on behalf of our client for which we perform services, we will direct the consumer to submit the request directly to our client. If possible, we will provide the consumer with contact information for the client.
We do not “sell” or “share” your personal data to third parties for any purpose.
We use and disclose the personal data to process, evaluate and communicate with job applicants about their application and qualifications for the position applied for, to check your references and to communicate with you about other jobs for which you may be qualified.
Several other US states have enacted consumer privacy laws similar to the CCPA. Like the CCPA, these other state consumer privacy laws may provide certain privacy rights to their residents. To the extent applicable, we will honor privacy rights requests under these other US state consumer privacy laws. Please email us at: compliance@databox.com with proof of your state residency and request.
Databox and our website and web applications are located and hosted in the United States and governed by US law. If you are outside the United States when you visit the website, web application or engage in communications with us via mail, e-mail or telephone, please be aware that your personal data may be transferred to, stored and processed in the United States where our servers are located. Any information you provide to us, or that we collect through your use of the websites or web applications will be stored, processed, and transferred within or to the United States. Please be aware that the United States and jurisdictions other than the one in which you are located may not provide the same level of data protection as considered adequate in your country. Note also that your personal data may be available to the US Government or its agencies under legal process in the United States.
The Legal Basis for Using EEA and UK Personal data
For residents of the European Economic Area (EEA) and United Kingdom (UK), we advise that your personal data will be transferred to and processed in the United States, which has data protection laws that are different from those in your country and may not be as protective. The United States has not sought or received a finding of “adequacy” from the European Union under Article 45 of the General Data Protection Regulation (“GDPR”). Our legal basis for collecting and using your personal data is to do so with your consent; where we need the personal data for performance of a contract or requested service, including to provide you with our Newsletter, or where the collection and use is in our or another’s legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect the personal data in question. If we collected your personal data with your consent, you may withdraw your consent at any time.
Our retention of your personal data and any subsequent communications are based on our legitimate interest in providing you with new and potentially relevant materials based on your geography, role, or company. As always, you can elect to opt out from receiving such future communications.
To the extent that we transfer Personal data from the EEA, to a jurisdiction outside the EEA that has not been adduced by the European Commission as providing adequate data protections (such as the United States), we will ensure that such personal data is safeguarded through appropriate contractual terms or other approved mechanisms.
Rights for EEA and UK Residents
In addition, if you are a resident of the EEA or United Kingdom you have the right to:
Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
If we ask you to provide personal data to us to comply with a legal requirement or enter into a contract, we will inform you of this and let you know whether providing us with your personal data is required and if not, the consequences of not sharing your personal data with us.
Similarly, if we collect and use your personal data in reliance on our or a third party’s legitimate interests and those interests are not already described above, we will let you know what those legitimate interests are.
We endeavor to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with us and the practices described in this Privacy Policy.
To withdraw consent or exercise these rights, please contact us via email at compliance@databox.com.
If you are not satisfied with our response, or believe we are processing your personal data in violation of the law, you have the right to lodge a complaint with the Supervisory Authority (also known as Data Protection Authority) or other appropriate governmental authority in your EEA Member State. You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available at EDPB – The European Data Protection Board website.
Personal data we collect is securely stored within our database on our own servers or databases hosted by cloud provider in secured environments. We use standard, industry-wide, commercially reasonable security practices such as encryption, firewalls and SSL (Secure Socket Layers – 256 bit) for protecting your information. A further description of our implemented security measures appears in our Security Policy.
We cannot, however, ensure or warrant the security of any information you transmit to Databox and you do so at your own risk. Once we receive your transmission of information, Databox makes commercially reasonable efforts to ensure the security of our systems. However, please note that this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. Please do not provide your account password to another person. We cannot be responsible for a data breach or other incident if a password is used by unauthorized persons.
We will keep your personal data in active files or systems as long as needed to meet the purposes for which it was collected, to provide the services or products you requested, or as otherwise may be required by law.
Protecting the privacy of young children is especially important. Databox and its products and services are intended for adults 18 years or older. Since our content and services are not directed towards kids, children under 16 are not allowed to register with our website or to participate in public posting areas on our website. If you are under 16, please do not send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 16 is allowed to provide any personal data to or on Databox. If we discover that we have collected personal data from a child under the age of 16 without parental consent, Databox will delete that information as soon as possible, but no later than in 30 days.
Your user content is kept private in your network. Databox does not monitor the user content you post on the website. We do not have administrative tools to view our users’ messages, and access to the database is only granted to our technicians on a case-by-case basis to troubleshoot specific technical issues, or as may be required by law. The rules for posting user content are in our Terms of Service.
Except as otherwise described in this Privacy Policy or in the Terms of Service, as applicable, we will only use personal data for the purposes described above or as otherwise disclosed at the time we request such information from you. You must “opt in” and give us permission to use your personal data for any other purpose. You may always change your preference and “opt out” of receiving certain marketing communications from us by clicking the “Unsubscribe” link included on the bottom of all such communications, or by contacting us via email at compliance@databox.com.
We will reveal a user’s personal data without his/her prior permission only when we have reason to believe that the disclosure of this information is required to establish the identity of, to contact or to initiate legal proceedings against a person or persons who are suspected of infringing rights or property belonging to Databox or to others who could be harmed by the user’s activities or of persons who could (deliberately or otherwise) transgress upon these rights and property. We also may disclose personal data when we have good reason to believe that this is legally required.
You can ask to review and correct the information about you that Databox keeps on file by contacting us. Customers have the right to request the restriction of certain uses and disclosures of personally identifiable information as follows. You can contact us in order to (1) update or correct your personally identifiable information, (2) change your preferences with respect to communications and other information you receive from us, or (3) delete the personally identifiable information maintained about you on our systems (subject to the following paragraph), by cancelling your account. Such updates, corrections, changes and deletions will have no effect on other information that we maintain, or information that we have provided to third parties in accordance with this Privacy Policy prior to such update, correction, change or deletion.
You may update or correct your account information and email preferences at any time by logging in to your account. To protect your privacy and security, we may take reasonable steps (such as requesting a unique password) to verify your identity before granting you access to your Profile Settings or making corrections. You are responsible for maintaining the secrecy of your unique password and account information at all times.
You should be aware that it is not technologically possible to remove each and every record of the information you have provided to us from our system. The need to back up our systems to protect information from inadvertent loss means that a copy of your information may exist in a non-erasable form that will be difficult or impossible for us to locate. Promptly after receiving your request, all personal data stored in databases we actively use, and other readily searchable media will be updated, corrected, changed or deleted, as appropriate, as soon as and to the extent reasonably and technically practicable.
You may, of course, decline to submit your personal data through Databox, in which case Databox may not be able to provide certain services to you.
In the event that personal data is compromised as a result of a breach of security, Databox will promptly notify those persons whose personal data has been compromised, in accordance with the Notification Procedures set forth in this Privacy Policy, or as otherwise required by applicable law.
You should be aware that if you voluntarily disclose personal data in public areas, on public bulletin boards or within the website, that information might be collected and disseminated by third parties, and result in, among other things, unsolicited inquiries, messages, and offers from third-parties. Please understand that any information that is disclosed in these areas becomes public information and this third-party conduct is out of the control of Databox.
Please also be aware that if you voluntarily disclose personal data in your account, all users who are authorized to access such areas (users in your account) will have access to such personal data, and that information might be collected and disseminated by those users, and may result in, among other things, unsolicited inquiries, messages, and offers from such users. Databox urges you to exercise caution when deciding to disclose any personal data on the web application or website.
The website or web applications may also contain links to other websites owned or controlled by third parties. We are not responsible for the privacy practices or the content of such third-party websites. Before accessing any website, it is suggested you review the applicable privacy and other policies.
If we change this Privacy Policy, we will post those changes on our website and notify users according to our Notifications Regarding This Privacy Policy to keep you aware of updates and changes as to what information we collect, how we use it and under what circumstances we may disclose it. Changes to this Privacy Policy are effective as of the date indicated above.
However, we will not make changes that result in significant additional uses or disclosures of your personal data without notifying you of such changes via email at least 14 days before such changes would apply.
If any non-significant changes to this Privacy Policy are unacceptable to you, you must immediately contact us and, until the issue is resolved, stop using the Databox website and any services we provide. Your continued use of our services and the Databox website and web application following the posting of non-significant changes to this Privacy Policy constitutes your acceptance of those changes.
If you have any questions or comments about this Privacy Policy or feel that we are not abiding by the terms of this Privacy Policy or applicable data protection laws, please contact our Data Protection Officer in any of the following ways:
By email: compliance@databox.com
By postal mail or courier: Databox Inc. 6 Liberty Square PMB #471 Boston, MA 02109 USA
If we need to notify our users about this Privacy Policy, we may do so using contact information associated with your account or otherwise provided to us.