Who Collects Your Personal Information On Our Service?
We do. Under the GDPR, FindingFive is what is known as a "Controller" and a "Processor" of the Personal Data that you provide us with. We collect information from you on the Service, and we are responsible for protection of your personal information.
What Information Does FindingFive Collect?
Requested Information. We collect certain personal information about you, which may be supplied when you register for the Service, when you create or update your account, when you use the Service, from third parties, or otherwise when you submit such information. The types of PII that we collect and save include:
- Contact and account information, such as name, mailing address, email address, payment account information (e.g., credit card number, cvv, and/or bank account numbers), username, and other types of personal information collected through the Service; and
- Technical information, collected in our logs and via cookies. Such information may include standard web log entries that contain operating system information, usage statistics, clickstream data, IP address, previous page URL, referring page URL and timestamps.
- You may provide us with information when you interact with us through email, submit a review or a post, or through other use of the Service. We may retain such information in order to provide you with services, and you agree that we may share this information as needed with other users in order to resolve any issues that may arise between you and another user of the Service.
- The Service may send you push notifications, record photos or video, and request permission to access your photo gallery, camera roll or other device storage area holding your images and recordings, in order for you to upload and transmit them through the Service.
- The Service may also access the internet or use your mobile data plan, and collect location information about you, in order to use certain features of the Service.
- We may also collect location-based information about you.
Non-personal Information. Non-personal information is non-personally identifiable or anonymous information about you, including but not limited to links and materials posted, the type of device you used and its operating system, browser information, time of visit, pages visited, the pages accessed most frequently, how pages and features are used, time spent on a page, when and how you use the Service or App, search terms entered, and similar non-personal data.
Automatically tracking Internet Protocol (IP) addresses is one method of automatically collecting information about your activities online and information volunteered by you. An IP address is a number that is automatically assigned to your device whenever you browse the internet. Further, the Service may utilize web beacons, pixel tags, first and third-party cookies, embedded links, and other commonly used information-gathering tools.
If non-personal information is paired to any of your PII, we will treat the non-personal information as if it were also PII. Part of the purpose of the Service is to share materials you make available. Anything you publicly post will not be considered personal information.
Aggregate Information. We may also collect anonymous, non-identifying and aggregate information such as the type of browser you are using, the type of operating system you are using, the date and time of any request, language preference, referring site, and the domain name of your Internet service provider.
Financial Information. Although it may appear that we collect financial information from you on the Service, it is actually collected and processed through a third-party service provider ("Payment Processor") to process payments for the Service. The Payment Processor may collect financial information such as banking information or credit card number, name, CVV code or date of expiration, from you on the Service. We do not hold your financial information.
Research Content. We may collect information that you upload or otherwise submit to the Service as Research Content. We collect Research Content only if, and to the extent that, you upload or otherwise submit it to the Service. In addition to PII, Research Content may also contain (1) participant data collected in research studies created by other users of the Service, (2) protected health information ("PHI") pursuant to the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009, (collectively, "HIPAA"). Research Content shall only contain your PII or PHI to the extent that you include such PII or PHI in such Research Content. You may not upload PHI regarding another individual. For more information about your rights with respect to protected health information, see our HIPAA Notice of Privacy Practices.
Why Is My Information Being Collected?
We need to collect your PII so that we can provide the Service, respond to your requests for information to integrate with Platforms at your option, to enforce our Terms and Conditions of Service, and to process your requests to access, and make payment for or receive payment from, the Service. We also collect aggregate information to help us better design the Service. We collect log information for monitoring purposes to help us to diagnose problems with our servers, administer the Service, calculate usage levels, and otherwise provide services to you.
We collect Research Content for purposes of providing certain functionalities of the Service.
How Do We Use the PII We Collect?
We use the PII you provide for the purposes for which you have submitted it including:
- Internal Uses. We may use your PII to respond to your inquiries, fulfill your requests for information, track usage trends, conduct experiments, prevent fraud, develop and improve the Service and other offerings, and perform research and analytics.
- Creating and Maintaining Your User Account. We use your PII to create and maintain an account for you to allow you to purchase and use the Service.
- Paying for the Service. Your payment information is collected and processed through our Payment Processor.
- Communicating With You About Our Services. We may use your PII to send you information about new services and other items that may be of interest to you.
We may use anonymous information that we collect to improve the design and content of our Service, and to enable us to personalize your internet experience. We also may use this information in the aggregate to analyze how our Site is used, as well as to offer you programs or services.
We may use your Research Content to provide certain functionalities of the Service, as directed by you. We may also anonymize your Research Content and use it for purposes of improving the design and content of our Service, analyzing how the Service is used, and performing analytics and benchmarking, and for general business purposes.
Do We Share Your PII?
We will not share your PII except: (a) for the purposes for which you provided it, including to other users for the Service to function; (b) with your consent; (c) as may be required by law or as we think necessary to protect our organization or others from injury (e.g., in response to a court order or subpoena, in response to a law enforcement agency request, or when we believe that someone is causing, or is about to cause, injury to or interference with the rights or property of another); or (d) with persons or organizations with whom we contract to perform services for us, including the performance, or development of, aspects of the Service and other internal operations or business activities. We may share your anonymized data with other users as Research Content via the Service, including to other users for the Service to function. We may use and share anonymized Research Content for purposes of improving the design and content of our Service, analyzing how the Service is used, performing analytics and benchmarking, and for general business purposes.
We may also share aggregate information (as defined above) with others, including affiliated and non-affiliated organizations.
We will never share with any persons or organizations the identifiers that can be used to explicitly link your Research Content to your PII, except: (1) as may be required by law or as we think necessary to protect our organization or others from injury (e.g., in response to a court order or subpoena, in response to a law enforcement agency request, or when we believe that someone is causing, or is about to cause, injury to or interference with the rights or property of another); or (2) when other users of the Service implement or use their own custom identification systems and/or collect PII directly to be included in Research Content that will be shared with them.
We may transfer your PII and Research Content to a third party, or our successor-in-interest, in relation to, or in the event of, a merger, acquisition, sale of all or substantially all of our assets, reorganization, bankruptcy, or other change of control. After such disclosure or transfer, the third party or successor in interest may use the information in accordance with applicable law.
How Can You Access And Control Your Information?
After becoming a user of the Service, you may view, revise or edit certain personal information associated with you by logging into the Service and proceeding to your profile.
For instructions on how you can further access your personal information that we have collected, or how to correct errors in such information, please send an email to [email protected]. As required by law, we will promptly stop processing your information and remove it from our servers and database at any time upon your email request, where required by law. You may opt-out of promotional emails by changing the communication settings in your account settings. To protect your privacy and security, we will take reasonable steps to help verify your identity before granting access, making corrections or removing your information.
How We Store and Protect Your Information.
We store your PII on our servers located in the USA if you choose to create your account on our US server (www.findingfive.com), and in the EEA if you choose to create your account on our EU server (eu.findingfive.com). We have physical, electronic, and managerial procedures in place to safeguard and help prevent unauthorized access, maintain data security, and correctly use the information we collect. Unfortunately, no data transmission over the internet or data storage solution can ever be completely secure. As a result, although we take industry-standard steps to protect your information (e.g., strong encryption), we cannot ensure or warrant the security of any information you transmit to or receive from us or that we store on our or our service providers' systems.
If you are accessing the US-server-based Service (www.findingfive.com) from outside of the USA, you understand that your connection will be through and to servers located in the USA, and the information you provide will be securely stored in our servers and internal systems located within the USA.
We store your PII until the earlier of (i) your PII no longer being necessary for the purposes for which it was being processed; (ii) our deletion of your PII in accordance with our data retention decisions as well as retention and other internal policies; or (iii) your request that we remove it from our servers, except in cases where we have the legal obligation, or authority, and we elect, to maintain that information. We store our logs and other technical records indefinitely.
To enhance your online experience with us, our web pages may use "cookies." Cookies are text files that our web server may place on your hard disk to store your preferences. Cookies, by themselves, do not tell us your email address or other PII unless you choose to provide this information to us. Once you choose to provide PII, however, this information may be linked to the data stored in the cookie. Certain features of the Services may not function properly without the aid of cookies. FindingFive uses session cookies, which are necessary to allow you to seamlessly navigate from one page or area of the Site to another during your visit, and these are normally deleted when you close your web browser. We also use persistent cookies for your convenience so that you can log in faster, your preferences are remembered from visit to visit, and that you have an overall more convenient experience while visiting our Site.
We or our service providers may also use "pixel tags," "web beacons," "clear GIFs" or similar means (collectively, "Pixel Tags") in connection with some FindingFive Site pages and HTML-formatted email messages for purposes of, among other things, compiling aggregate statistics about website usage and response rates. A Pixel Tag is an electronic image, often a single pixel (1x1), that is ordinarily not visible to website visitors and may be associated with cookies on visitors’ hard drives. Pixel Tags allow us and our service providers to count users who have visited certain pages of the FindingFive Site, to deliver customized services, and to help determine the effectiveness of promotional or advertising campaigns. When used in HTML-formatted email messages, Pixel Tags can inform the sender of the email whether and when the email has been opened.
As you use the internet, you leave a trail of electronic information at each website you visit. This information, which is sometimes referred to as "clickstream data", can be collected and stored by a website's server. Clickstream data can reveal the type of computer and browsing software you use and the address of the website from which you linked to our Site. We may use clickstream data as a form of non-personally identifiable information to determine how much time visitors spend on each page of our Site, how visitors navigate through the Site, and how we may tailor our web pages to better meet the needs of visitors. We will only use this information to improve our Site, the App, and the Services.
At present, the Service does not specifically respond to browser do-not-track signals, except as to location services.
Collection of Information by Others.
'EEA' Privacy Rights.
If you currently reside in the EEA, the GDPR applies to your PII and you are a Data Subject. The GDPR requires that we, in our capacity as a Controller, have a legal basis to process your PII.
We process your PII under one or more of the following legal bases:
- Processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- For the performance of a contract (e.g., our Terms and Conditions of Service);
- To comply with a legal obligation; and/or
- If we have your consent to do so, such consent being revocable at any time.
Under the GDPR, as a Data Subject you have certain rights. They are:
- The right to be informed. This is your right to be informed about what we are processing, why, and who else the data may be passed to.
- The right of access. This is your right to see what data about you is held by us.
- The right to rectification. This is the right to have your data corrected or amended if what is held is incorrect in some way.
- The right to be forgotten. This is the right to have your personal data deleted in the event that such data is no longer required for the purposes it was collected for, your consent for the processing of the data is withdrawn, or the data is being unlawfully processed.
- The right to restrict processing. This is the right to ask for a temporary halt to processing of your personal data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected.
- The right to data portability. This is the right to ask for your personal data to be provided to you in a structured, commonly used, and machine-readable format.
- The right to object. This is the right to object to further processing your personal data if such processing is inconsistent with the primary purposes for which it was collected.
- Rights in relation to automated decision making and profiling. This is the right to not be subject to a decision based solely on automated processing. The Service does not engage in automated decision making or profiling.
Children and Young People’s Information.
We do not knowingly collect any information from any minors, without proper consent of a parent or legal guardian, and we comply with all applicable privacy laws including the GDPR, the Children's Online Privacy Protection Act ("COPPA"), and associated Federal Trade Commission ("FTC") rules for collecting personal information from minors. Please see the FTC's website (www.ftc.gov) for more information. If you have concerns about this Site, wish to find out if your child has accessed our services, or wish to remove your child's personal information from our servers, please contact us at [email protected]. Our Site will not knowingly accept personal information from anyone under 13 years old in violation of applicable laws, without consent of a parent or guardian. In the event that we discover that a child under the age of 13 has provided PII to us without consent of a parent or guardian, we will make efforts to delete the child’s information in accordance with the COPPA. If you believe that your child under 13 has gained access to our Site without your permission, please contact us at [email protected].
California Privacy Rights.
California law allows California residents to request information regarding our disclosures to third parties in the prior calendar year, if any, of their personally identifiable information. To make such a request, please contact us at [email protected] with "Request for Privacy Information" in the subject line. Please include enough detail for us to locate your file; at a minimum, your name, email, and username, if any. We will attempt to provide you with the requested information within thirty (30) days of receipt. We reserve our right not to respond to requests sent more than once in a calendar year, or requests submitted to an address other than the one posted in this notice. Please note that this law does not cover all information sharing. Our disclosure only includes information covered by the law.
Our Contact Information