Privacy Policy

When you use and interact with our websites, services, or communicate with us, we may collect, use and process information relating to you and your company (“your data”). This Privacy Policy summarizes our practices and your related rights with respect to your data. The term “our company” in this document refers to OrgChart, LLC.

We may transfer your data if we are acquired by or merged with another company. In this event, we will notify you before information about your data is transferred and becomes subject to a different privacy policy.

Web sites & applications covered

Our applications and web sites may contain links to other web sites. The information practices or the content of such other web sites is governed by the privacy statements or policy of such other web sites. Our company encourages you to review the privacy statements/policy of other web sites to understand their information practices.

Information collected

When expressing an interest in obtaining additional information about our services or registering to use our services, we may require you to provide contact information, such as your name, your company name, a phone number, or email address. When purchasing our services, we may require you to provide our company with billing information, such as a billing address, credit card number, or the number of employees within your organization (“Billing Information”). We may also ask you to provide additional information to help us determine which product or service is appropriate for your use case.

As you navigate our company’s web sites and applications, we may also collect information through the use of commonly used information-gathering tools, such as cookies and web beacons (“Web Site Navigational Information”). Web Site Navigational Information includes standard information from your web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on our company’s web sites (such as the web pages viewed, and the links clicked).

Use of information collected

Our company uses your data to provide you with requested services. For example, if you fill out a “Contact Me” web form, our company will use the information provided to contact you about your interest in our services.

Our company may also use your data for marketing purposes. For example, our company may use your data to inform you about available products and services.

We use credit card information solely to collect payment from prospective customers. We use Web Site Navigational Information to operate and improve our company’s web sites.

Web Site Navigational Information

Cookies, Web Beacons and IP Addresses
We use commonly used information-gathering tools, such as cookies and web beacons, to collect information as you navigate our company’s web sites (“Web Site Navigational Information”). This section describes the types of Web Site Navigational Information used on our company’s web sites and how this information may be used.

Cookies

We use cookies to make interactions with our company’s web sites easy and meaningful. Unless you choose to identify yourself to us, either by responding to a promotional offer, opening an account, or filling out a web form (such as a “Contact Me” or a “Free Trial” web form), you remain anonymous to our company. Our accounts use persistent cookies (cookies that remain on your computer after you close your browser or turn off your computer) to store some user preferences. Persistent cookies do not personally identify you.

Web Beacons

We use web beacons alone or in conjunction with cookies to compile information about customers and visitors’ usage of our company’s web sites and interaction with emails from our company. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you view a particular web site tied to the web beacon, and a description of a web site tied to the web beacon. For example, we may place web beacons in marketing emails that notify our company when you click on a link in the email that directs you to one of our company’s web sites. We use web beacons to operate and improve our company’s web sites and email communications.

IP Addresses

When you visit our web sites or applications, our company collects your Internet Protocol (“IP”) addresses to track and aggregate non-personal information. For example, we use IP addresses to monitor the regions from which customers and visitors navigate our company’s web sites.

Public forums, refer a friend, and customer testimonials

We may provide bulletin boards, blogs, or chat rooms on our company’s web sites. Any personal or corporate information you choose to submit in such a forum may be read, collected, or used by others who visit these forums, and may be used to send you unsolicited messages. We are not responsible for the personal information you choose to submit in these forums.

Customers and visitors may elect to use our company’s referral program to inform friends about our company’s web sites. When using the referral program, our company requests the friend’s name and email address. We may send the friend a one-time email inviting them to visit our company’s web sites.

We may post a list of customers and testimonials on our company’s web sites that contain information such as customer names and titles. We will obtain the consent of each customer prior to posting any information on such a list or posting testimonials.

Sharing of information collected

Service Providers

We may share data about customers with our company’s contracted service providers so that these service providers can provide services on our behalf. We may also share data about customers with our company’s service providers to ensure the quality of information provided. Unless described in this Privacy Policy, we do not share, sell, rent, or trade any information with third parties for their promotional purposes. All service providers privacy policies must meet or exceed our stated privacy requirements.

Billing

We may use a third-party service provider to manage credit card processing. These service providers are not permitted to store, retain, or use billing information except for the sole purpose of credit card processing on our company’s behalf.

Compelled Disclosure

We reserve the right to use or disclose information provided if required by law or if our company reasonably believes that use or disclosure is necessary to protect our company’s rights and/or to comply with a judicial proceeding, court order, or legal process.

International transfer of information collected

All data currently stored on our servers is subject to any applicable laws/regulations within the region where the server is hosted. Please contact [email protected] with any data residency specific requirements. Data loaded into our services will not be transferred to another region without your permission.

Communications preferences

You may send a request to opt out of receiving any marketing and/or sales communications to [email protected]. Customers cannot opt out of receiving transactional emails related to subscribed services.

Correcting and updating your information

To update billing or other customer Information or to have information deleted, please email [email protected]. To discontinue your account and to have information you maintained in the Services returned to you, please email [email protected]. Requests to access, change, or delete your information will be handled within 30 days of written request.

Customer Data

Customers may electronically submit data or information to the services for hosting and processing purposes (“Customer Data”). We will not review, share, distribute, or reference any such customer data except as required by law*. We may access customer data only for the purpose of providing the services, preventing or addressing service or technical problems, at a customer’s request in connection with customer support matters, or as may be required by law*.

*As required by law in the countries where we do business. For example, we adhere to all U.S. Privacy Laws including but not limited to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”), Colorado Privacy Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, and Virginia Consumer Data Protection Act.

Security

We use robust security measures to protect customer data from unauthorized access, maintain data accuracy, and help ensure the appropriate use of customer data. We host our web sites and applications in a secure server environment that uses firewalls, intrusion detection systems, and other advanced technology to prevent interference or access from outside intruders. Customers are responsible for maintaining the security and confidentiality of their usernames and passwords. All passwords are encrypted using one way encryption mechanisms and are encrypted both while in transit and at rest.

Data Storage

We use certified third hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run our services. Although we own the code, databases, and all rights to our applications, you retain all rights to your data. Our primary hosting partner is AWS (Amazon Web Services). We do an annual audit of AWS to ensure compliance with standards/regulations including GDPR, SOC 2 and ISO 27001. See https://aws.amazon.com/compliance/programs/ for additional information. We also geolocate data within AWS to ensure compliance with GDPR (for example, EU customers are hosted within EU data center facilities).

Google Integration

The Google Slides export feature requires permissions to view and manage Google Drive files and folders that you have opened or created using our services. By utilizing this service, you agree to allow our services access to your Google Drive directories to create, manage, and upload files created by our services. We adhere to Google API Services User Data Policy, including the Limited Use requirements.

Changes to this Privacy Policy

We reserve the right to change this Privacy Policy. We will provide notification of the material changes to this Privacy Policy through our company’s web sites at least thirty (30) business days prior to the change taking effect.

Your California Privacy Rights

If you are a California resident, California Civil Code Section 1798.83 permits you to request and obtain from us once a year, free of charge, information about the personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you do not want your name and contact information to be shared with any company or organization, you may notify us at any time by emailing us at [email protected].

GDPR

The General Data Protection Regulation (GDPR) is a set of laws enacted in the EU in 2018. GDPR has specific requirements regarding data processing and transfer of data outside of the EU. Our company has a consistent level of data protection and security across our organization which we have extended to ensure GDPR compliancy. A complete GDPR statement can be obtained by emailing [email protected].

Data Protection Framework

OrgChart, LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. OrgChart, LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. OrgChart, LLC has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

OrgChart is responsible for the processing of personal data it receives under the DPF and subsequently transfers to a third party acting as an agent on its behalf.  OrgChart complies with the DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.

The Federal Trade Commission has jurisdiction over OrgChart’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.  In certain situations, OrgChart may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, OrgChart commits to refer unresolved complaints concerning our handling of Non-HR personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. For clarity, Non-HR data includes all personal data processed by OrgChart on behalf of its customers. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint.  The services of TRUSTe are provided at no cost to you.

Further, OrgChart commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on  the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

For complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website.

ADP Marketplace Customers

Any customers purchasing our services through the ADP Marketplace are subject to the terms of the applicable ADP privacy policy(s). For these customers, the terms of the applicable ADP privacy policy(s) take precedence over any terms stated within our privacy policy.

Contacting us

Questions regarding this Privacy Policy or the information practices of our company’s web sites should be directed to [email protected] or mailed to:

OrgChart, LLC
Attention: Legal Department
201 Alameda Del Prado Suite #301
Novato, CA 94949

v2.3 — Last updated September 19, 2024