Butterfly takes the privacy of each and every employee and manager seriously and information is handled with care.
Terms of Service
Annex 1: Terms of Purchase and Use
Please read carefully before purchasing the products and using this SAAS service. By purchasing the products, and/or accessing and using the SAAS service and the associated website, applications and tools, you agree to be legally bound by the terms and conditions set forth herein. These terms of purchase and use form part of the SAAS subscription agreement, which you are required to accept in connection with your initial and all subsequent purchasing of the products and use of the SAAS service.
Purchase of Products
You agree to purchase the Products consisting generally of the software shown in each Order Form that is completed and approved under the SAAS Subscription Agreement.
If the Order Form provides a schedule for delivery, the schedule is an estimate and is subject to availability of the Products, readiness of the site for installation, and scheduling of installers, as applicable. In the event the Products are not be available within a reasonable period of time of the scheduled delivery, you may at your option (a) terminate the purchase of undelivered Products, or (b) to accept postponement of delivery until such time as Service Provider can complete the delivery of the Products. In no event shall Service Provider be liable to you or any users for any delay or impact costs or damages associated with any late, partial or incomplete delivery.
SAAS Services; Grant of Rights
If SAAS Services are obtained pursuant to an Order Form, Service Provider grants you and your staff (collectively, the “Users”), for the Term of Service indicated in the Order Form, a limited, non-exclusive, terminable, non-transferable license to access and use the services, tools and applications provided through the SAAS Service subject to these Terms of Purchase and Use. The SAAS Service may include download areas and product information provided by Service Provider or third-party vendors. All SAAS Services, including any updates, enhancements, new features, and/or the addition of any new Web properties, are subject to these Terms of Purchase and Use. All rights not expressly granted to you and your Users pursuant to the SAAS Subscription Agreement are reserved to Service Provider, and all uses of the SAAS Service not expressly permitted hereunder are prohibited.
Permitted and Prohibited Use
Limited Use. You and your Users may access the SAAS System and use the SAAS Services solely to support and operate in your internal business (i) the Products purchased by you from Service Provider; and (ii) Service Provider's web-based monitor and control management portal (“the “Portal”). Service Provider reserves the right, in its sole discretion, to limit your and/or your Users' use of the SAAS Services in the event that Service Provider determines that your and/or your
Users' use thereof to be inconsistent with such purposes, and/or otherwise inconsistent with these Terms of Purchase and Use.
Prohibited Uses. You agree, for yourself and all your Users, as a condition of use of the SAAS Services, not to use the SAAS Services for any purpose that is unlawful or prohibited by these terms, conditions, and notices. You and your Users may not use the SAAS Service in any manner that could damage, disable, overburden, or impair any Service Provider or subscriber server, or the network(s) connected to any Service Provider or subscriber server, or interfere with any other party's use and enjoyment of any of the SAAS Services. You and your Users may not attempt to gain unauthorized access to any part of the SAAS Services, other accounts, computer systems or networks connected to any Service Provider or subscriber server or to any part of the SAAS Services, through hacking, password mining or any other means. You and your Users may not obtain or attempt to obtain any materials or information through any means not intentionally made available through the SAAS Services. Except as expressly set forth herein, you and your Users may not (i) copy, reproduce, alter, modify, transmit, perform, create derivative works of, publish, sub-license, distribute, or circulate the SAAS Services, or any associated applications, tools or data thereof; (ii) disassemble, decompile, or reverse engineer the software used to provide the SAAS Services, or use a robot, spider, or any similar device to copy or catalog any materials or information made available through the SAAS Services; or (iii) take any actions, whether intentional or unintentional, that may circumvent, disable, damage or impair the SAAS Services' control or security systems, or allow or assist a third party to do so.
Suspension of Service. Service Provider may at any time suspend (or require that you suspend) the access of Users to the SAAS Services and/or disable their Login Information in the event of violation of these terms and conditions. Grounds for doing are not limited but may include, for example, legal or regulatory reasons, investigation of suspicious activities, or action by authorities, or if Service Provider or you have has reason to suspect any such User is engaged in activities that may violate these Terms of Purchase and Use, applicable laws, or subscriber policies, or are otherwise deemed harmful to Service Provider, your organization, your and our respective network or facilities, or other Users. Service Provider shall not be liable to any User for suspension of SAAS Service, regardless of the grounds.
Ownership; Subscriber and User Submissions
As between you and your Users and Service Provider, the SAAS Services, any material or information provided pursuant to the SAAS Services, and any associated applications, tools or data, and all additions, modifications and improvements made or specified by Service Provider, its agents or contractors, are the property of Service Provider, and are protected by United States and international copyright, trademark and patent laws, as applicable. By using the SAAS Services, neither you nor your Users gain any ownership interest in such items.
Service Provider does not claim ownership of the usage information you or your Users provide for the use and operation of the SAAS Services. Service Provider and its vendors and contractors may use such information to operate and administer the SAAS Services. In addition, Service Provider may retain, analyze, use and share such information in anonymous, filtered, or aggregate form for general business purposes.
Service Provider reserves the right to upgrade, modify, replace or reconfigure the SAAS Services at any time, provided that you will be provided at least seven (7) days' advance notice for changes that materially and adversely affect any use of the SAAS Services. Service Provider may also change the fee schedule, support terms, and service level agreements for the SAAS Services subject to at least thirty (30) days' advance notice, except that the change will not apply for the remainder of the Term of Service to the amount and type of SAAS Services you have contracted for under existing Order Forms. Any such notice may be given and shall be effective if provided in an email sent to your account representative, or if included in any amendment, extension or new version of this Agreement or any Order Form.
Links to Third Party Sites
The SAAS Service may provide links that allow you or your Users to leave Service Provider's site and/or access third party websites. The linked sites in many cases are not under the control of Service Provider and Service Provider is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. Service Provider is not responsible for webcasting or any other form of transmission received from any linked site. Service Provider provides these links only as a convenience, and the inclusion of any link does not imply endorsement by Service Provider of the site.
Use of Passwords; Internet
You are responsible for providing the list of Managers and Administrators who will who will receive an email inviting them to create their accounts. Each User must have a valid email address for the purpose of accessing the SAAS Services. You and your Users must keep all Log-In Information strictly confidential. Log-In Information may be used only by the assigned User and may not be shared or transferred without your consent and control.
You and your Users are responsible for maintaining the confidentiality of that User's username and password. You and your Users are responsible for any and all activities that occur under all your Users' accounts. You agree to notify Service Provider immediately of any unauthorized use of your Users' accounts or any other breach of security. Service Provider will not be liable for any loss that you or a User may incur as a result of someone else using your Users' passwords or accounts, either with or without the applicable Users' knowledge.
Service Provider does not guarantee the security of any information transmitted to or from you or any User over the Internet, including through the use of e-mail. Access to the Internet, if employed, is your and each User's sole responsibility and the responsibility of Internet provider(s) you select. Service Provider does not accept any responsibility for failure of service due to Internet facilities, including related telecommunications or equipment.
Communications from Service Provider
Service Provider may periodically contact you or Users for customer service purposes. By accessing the SAAS Services, you and each Use consent to receive such communications. You agree that Service Provider may reference its business relationship with you in its marketing or sales materials.
You agree to pay at the time indicated in each Order Form all payments due from you thereunder. If not otherwise indicated in the Order Form, all payments are due thirty (30) days from invoice.
You agree to accept responsibility for paying and reporting (a) all federal, provincial, state and local taxes, however designated, levied or based on account of the purchase price of the Products or SAAS Services or on account of your acquisition or ownership or use of the Products (exclusive only of taxes based on net income derived by Service Provider), and (b) all foreign taxes, export or import tariffs, and custom duties, however designated, levied or based in connection with the sale conducted hereby, the purchase price of the Products and the SAAS Services, or your acquisition or ownership or use of the Products. You agree to hold Service Provider harmless from all claims and liability arising in connection with Purchaser's failure to report or pay such taxes.
In the event that you default in any of the terms and conditions of the SAAS Subscription Agreement, including these Terms of Purchase and Use and any Order Forms completed and approved thereunder, or a petition for bankruptcy is filed by or against you, then, to the extent permitted by applicable law, Service Provider shall have the right to exercise one or more of the following remedies: (a) To declare the entire amount of the unpaid total purchase price due and payable plus all service fees that would otherwise come due for the remainder of the Term of Service, together with interest thereon at the lesser of 18% per annum or the then highest allowable legal rate per annum; (b) and to terminate this Agreement as to any or all of the Order Forms. All remedies of Service Provider hereunder are cumulative and may, to the extent permitted by law, be exercised concurrently or consecutively and jointly or severally, and the exercise of any one remedy shall not be deemed to be an election of such remedy to preclude the exercise of any other remedy. No failure on the part of Service Provider to exercise, and no delay in exercising any right or remedy hereunder shall operate as a waiver thereof; nor shall any single or partial exercise by Service Provider of any right or remedy hereunder preclude any other or further exercise of any partially exercised right or remedy.
Notice Specific to Software Available with the SAAS Services
Any software that is made available to download from the SAAS Services (“Software”) is the copyrighted work of Service Provider and/or its suppliers. Use of the Software is governed by the terms of the end user license agreement, if any, which accompanies or is included with the Software (“License Agreement”). In some cases, you or a User may be unable to install any Software that is accompanied by or includes a License Agreement, unless you first agree to the License Agreement terms.
The Software so provided is made available for download solely for use according to the License Agreement. Any reproduction or redistribution of the Software not in accordance with the License Agreement is expressly prohibited by law, and may result in civil and criminal penalties. Without limiting the foregoing, copying or reproduction of the software to any other server or location for further reproduction or redistribution is expressly prohibited, unless such reproduction or redistribution is expressly permitted by the license agreement accompanying such software.
RESTRICTED RIGHTS LEGEND. Any Software which is downloaded from the Services for or on behalf of the United States of America, its agencies and/or instrumentalities (“U.S. Government”), is provided with Restricted Rights. Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 or subparagraphs (c)(1) and (2) of the Commercial Computer Software -- Restricted Rights at 48 CFR 52.227-19, as applicable.
Termination of the SAAS Subscription Agreement; Effect of Termination or Expiration
In the event that you breach any term of the SAAS Subscription Agreement, or you or your Users breach these Terms of Purchase and Use, and such breach is not cured within 10 days after receipt of notice thereof from Service Provider, Service Provider may terminate the SAAS Subscription Agreement in whole or in part immediately upon written notice to you. Notwithstanding the foregoing, there shall be no cure period for any Event of Default that is not curable.
Upon expiration or prior termination of the SAAS Subscription Agreement, all rights granted herein shall revert to Service Provider. All access to and use of the SAAS Services by Users must then cease, and all materials, applications and tools downloaded from the SAAS Service must be erased, deleted, or destroyed.
No Warranties, Limitation of Liability
To the extent that the original manufacturer is not Service Provider or its affiliates and such manufacturer makes any warranties covering the products, Service Provider assigns those warranties to you, subject to the conditions and limitations provided by the manufacturer. Service Provider will cooperate with you, at your cost, to process any warranty claim, but Service Provider assumes no other responsibility for such warranties. The foregoing assignment of warranties is expressly in lieu of any and all other warranties pertaining to the products, express or implied, including, but not limited to, any express warranty arising from any description or specification provided for the products, or any sample or model presented to you or your representatives, or any implied warranties of merchantability, fitness for a particular use or purpose, or title. Your exclusive remedy for any claim based on the condition, performance, defect or non-conformity of the products shall be to make a claim to the original manufacturer for the warranties (if any) provided by the original manufacturer.
The SAAS services and any tools, applications, information or materials provided to you in connection with the SAAS Services are provided “as is,” and all warranties of any kind, past or present, whether statutory, common-law or from a course of dealing or usage of trade, including, without limitation, implied warranties of merchantability, fitness for a particular purpose, accuracy, results or output, security and, except as may be otherwise stated in this agreement, non-infringement, are expressly disclaimed to the fullest extent permitted by law. SAAS does not guarantee or make any representations regarding the use or accuracy of the SAAS Services .
No oral or written information or advice given by Service Provider or its employees shall create a warranty or in any way increase the scope of SAAS's obligations hereunder. In no event shall Service Provider be liable for any lost or corrupted data, downtime, lost profits, business interruption, replacement service or other special, incidental, consequential, punitive or indirect damages, however caused and regardless of theory of liability, including negligence.
Service Provider and its affiliates shall not be liable for loss, injury or damage of any kind to any person or entity resulting from any use, condition, performance, defect or failure in the SAAS Services. You and your Users release and waive all claims against Service Provider, its parent, subsidiaries, affiliated companies, agents or content providers, and the directors, trustees, officers, shareholders, employees, agents and representatives of each of the foregoing (the “Service Provider Group”), from any and all claims, damages, liabilities, costs and expenses arising out of your and your Users' use of the Products and the SAAS Services. California residents waive any rights they may have under §1542 of the California Civil Code, which reads: “A general release does not extend to claims which the creditor does not know or suspect to exist in his favor at the time of executing the release, which if known by him must have materially affected his settlement with the debtor.” You and your Users agree to release unknown claims and waive all available rights under California Civil Code §1542 or under any other statute or common law principle of similar effect. To the extent permitted by applicable law, this release covers all such claims regardless of the negligence of the Service Provider Group.
You represent and warrant that (i) you have full power and authority to enter into the SAAS Subscription Agreement, and to agree to all the terms and conditions contained therein and in these Terms of Purchase and Use; (ii) only you and your Users shall per permitted to access the SAAS Services and any related tools, applications, information and materials provided in connection with the SAAS Services; and (iii) you shall obtain and maintain in effect all permits, licenses and authorizations necessary for the purchase and intended use of the Products and the SAAS Services.
By accessing and/or using the SAAS Services, Users agree to report to Service Provider all claims or suspected claims of copyright or other infringement of Service Provider's intellectual property or other proprietary rights. Claims of infringement should be directed to Legal Department, Service Provider, [Attn: Legal department].
If you believe that any information on the SAAS Site infringes on your copyright, you should notify Service Provider of your claim in accordance with the following procedures. Service Provider will process notices of alleged infringement in accordance with the Digital Millennium Copyright Act (“DMCA”) and other applicable copyright laws. The DMCA requires that notification of claimed infringement be in writing and provided to Service Provider's designated agent of service.
To be effective, the notice of infringement must contain the following information: (1) A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed; (2) Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works at a single online site are covered by a single notification, a representative list of such works at that site; (3) Identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit the Service Provider to locate the material; (4) Information reasonably sufficient to permit the Service Provider to contact the complaining party, such as an address, telephone number, and, if available, an electronic mail address at which the complaining party may be contacted; (5) A statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law; and (6) A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
Personal Data Protection
Each party undertakes to comply with its respective obligations under the Data Protection Legislation, meaning Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the "GDPR"), as well as any legislation and/or regulation implementing or created pursuant to the GDPR and Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (the "ePrivacy Directive"), or which amends, replaces, re-enacts or consolidates any of them, and all other national applicable laws relating to the processing of personal data and privacy that may exist under applicable law.
For the processing activities where the Service Provider, in the context of its tasks, is a data processor processing personal data on behalf of the Customer in the meaning of the Data Protection Legislation, by signing this Agreement, the parties conclude the data processing agreement under Annex 2 to this Agreement, which complies with Article 28 of the GDPR, and agree to amend such agreement in case of changes to the processing activities performed by the Service Provider on behalf of the Customer.
In the event the parties undertake processing activities for which they jointly determine the purposes and the means of processing of personal data, by signing this Agreement, the parties commit to agreeing and concluding in good faith a joint-controllership agreement which complies with Article 26 of the GDPR.
Re-use of Non-Personal Data
For the purpose of this Clause:
(1) the term "Data" shall mean a reinterpretable representation of information in a formalized manner suitable for communication, interpretation, or processing;
(2) the term "Non-Personal Data" shall mean Data other than Personal Data; and
(3) the term "Processing", and all derivatives of such term, shall mean any operation or set of operations which is performed on Data or on sets of Data such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination.
The terms "Personal Data", "Data Subject", and "Third Party", including all derivatives of such terms, shall have the same meaning as in the GDPR.
Customer grants to Service Provider the right to aggregate, Process, or have it Processed by a Third Party, and re-use any and all Data provided by Customer and Users through the use of the Software and SAAS Services, including for purposes of performing big Data analytics and/or generating industry-wide analyses, statistics and reports, to the extent such Processing does not conflict with the normal exploitation of the Data by Customer and do not unreasonably prejudice the legitimate interests of Customer.
Service Provider reserves the right to monitor the content of any Data provided via the Software and, at its sole discretion, to withhold, remove, and discard any such Data without notice in case of any non-compliance with the Agreement.
Failure to perform by reason of any law, natural disaster, labor controversy, encumbered intellectual property right, war or any similar event beyond a party's reasonable control shall not be a breach hereof.
You acknowledge and agree that the SAAS Services and the tools, applications, information and materials provided in connection with the SAAS Services possess a special, unique and extraordinary character that makes difficult the assessment of the monetary damages that would be sustained as a result of unauthorized use, and that unauthorized use may cause immediate and irreparable damage to Service Provider or other Subscribers for which Service Provider or such other Subscribers would not have an adequate remedy at law. Therefore, you agree that, in the event of such unauthorized use, in addition to such other legal and equitable rights and remedies as may be available to Service Provider, Service Provider shall be entitled to injunctive and other equitable relief without the necessity of proving damages or furnishing a bond or other security.
This Agreement shall be construed and enforced under the laws of the State of New York, USA without reference to the choice of law principles thereof. User hereby consents to and submits to the jurisdiction of the federal and state courts located in the State of New York. User waives any defenses based upon lack of personal jurisdiction or venue, or inconvenient forum.
If any provision herein is unenforceable, then such provision shall be of no effect on any other provision hereof.
No waiver of any breach hereof shall be deemed a waiver of any other breach hereof.
Section headings are provided for convenience only, and shall not be used to construe the meaning of any section hereof.
LAST REVISED ON MAY 24th, 2018
1. Scope of this Policy
This Policy describes the policies and procedures when a User’s personal data is collected, used, consulted, or otherwise processed in the context of the Service.
2. What are the key notions of this Policy?
In this Policy the following terms are used consistently and shall have the following meaning.
2.1. Personal Data categories
- “You” (including "Your") or “User” means any person, whether an agent, representative, contractor, employee, manager, or otherwise, to which access has been given to the Service.
- “Your Employer” means the entity that entered into a contractual arrangement with Butterfly, including a Data Processing Agreement, and which proposes the use to the User of the Service for its own purposes.
- “Butterfly” (including "we" or "us") means Appynest Inc., a company incorporated under the laws of Delaware, having its registered seat in New York and its office at 67 West Street, unit 324, Brooklyn, NY 11222, United States of America.
- “Controller” shall have the meaning under the GDPR, i.e. “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law”.
- “Processor” shall have the meaning under the GDPR, i.e. “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”.
- “Subprocessors” means a processor engaged by the Processor to carry out certain processing activities on behalf of the Controller.
- “Third Party” shall have the meaning under the GDPR, i.e. “a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data”.
- “Supervisory Authority” shall have the meaning under the GDPR, i.e. “an independent public authority which is established by a Member State pursuant to Article 51” of the GDPR.
2.2. Personal Data categories
- “Personal Data” shall have the meaning under the GDPR, i.e. “any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
- “Basic Data” means the data provided by the User upon subscription to the Service, and in particular the User’s first name, last name, email address, employee ID, slack handle, profile pictures, passwords, Workplace email address.
- “Clear Gifs Information” means web beacons used to track online usage patterns relating to the use of the Service or to track which emails are opened by recipients through clear gifs in HTML-based emails sent to Users.
- “Content” means the free text and open content posted by the User on the Service.
- “Device Identifiers” means small data files or related structures stored on or associated with a Mobile Device, which identify a User’s specific mobile device and includes data stored in connection with hardware, operating systems, other software, or information sent directly to Butterfly by the device, and which are collected when a User access the Service by or through a Mobile Device.
- “Location Data” includes GPS coordinates, latitude, longitude, or similar information regarding the location, collected through the use of the Service by or through a Mobile Device.
- “Log Files” means data recorded automatically by Butterfly’s servers sent by the User’s web browser when using the Service, which include web request, IP address, browser type, referring/exit pages, URLs, number of clicks, how You interact with links on the Service, domain names, landing pages, pages viewed, mobile carrier, and similar information.
- “Non-Personal Data” means data other than personal data, including non-private and/or aggregated information that does not identify a User, or more generally a data subject (including without limitation anonymous usage data and platform types)
2.3. General notions
- “Service” means the service offered by Butterfly through a website or related means featuring analytics that allow business owners and managers to gauge worker satisfaction, including the provision of information about updates, upgrades and enhancements of the service.
- “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
- “Processing” shall have the meaning under the GDPR (i.e. “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”).
- “Data Processing Agreement” means a controller-processor agreement in accordance with Article 30 of the GDPR.
- “Privacy Shield” means the EU-U.S. Privacy Shield legal framework, designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
- “Standard Contractual Clauses” means sets of standard contractual clauses for transfers as adopted by the European Commission for the international transfer of personal data.
- “Mobile Device” includes without limitation mobile telephones, iPhones, tablets, iPad, Android, and any similar technology or item.
- “EEA” means the European Economic Area.
- “SSL” means to secure socket layer technology.
2.4. Cookie-related notions
- “Cookie” or “Cookies” are text files, containing small amounts of information, which are downloaded to Your browsing device (such as a Mobile Device or computer) when You visit a website, and that may convey information about the use of the Service
- “Persistent Cookies” refers to cookies that remain on a hard drive after a web browser is closed to be used by the web browser on subsequent visits to the Service.
- “Session Cookies” refers to cookies that are temporary and disappear after a web browser is closed.
- “Third Party Cookies” refers to cookies that another party places on Your web browser when You use the Service.
3. Who processes what Personal Data about You?
In the context of the Service, Your Personal Data is processed by several organisations, including Your Employer, Butterfly and Third Parties. The following sub-sections provide further details.
3.1. Your Employer processing Your Personal Data as a Controller
Through the Service, Your Employer is processing Your Personal Data as a Controller for its own purposes.
3.2. Butterfly processing Your Personal Data as a Processor on behalf of Your Employer
Through the Service, Butterfly processes Your Personal Data on behalf of Your Employer. This is in order for the latter to provide the Service within its organisation and to provide You access to the Service, and to ultimately achieve Your Employer’s processing purposes described above.
3.3. Butterfly processing Your Personal Data as a Controller for its own purposes
Through the Service, Butterfly processes Your Personal Data for its own purposes, where it determines itself the purposes and means of such processing.
3.4. Google Cloud Platform processing Your Personal Data as a (Sub-)processor of Your Employer or Butterfly for the provision of the Service
In order for Butterfly to achieve one or more of its purposes, it relies on Google Cloud Platform], acting as a Subprocessor and processing Your Personal Data on behalf, under the instructions and authority of Butterfly for storage and back-up purposes.
4. Are Cookies placed on Your device when using the Service?
When You use the Service, Butterfly places one or more Cookies on Your device (including Mobile Device) for the purposes described in this Policy.
4.1. Which Cookies are placed on Your device?
The following table and information set out the Cookies which are used for the Service. It also provides details of third parties that set cookies:
4.1.1. Strictly necessary Cookies
4.1.2. Performance Cookies
4.1.3. Functionality Cookies
4.2. How long are Cookies stored on Your device?
The length of time during which a Cookie will be stored on Your browsing device depends on whether it is a “Persistent” or “Session” Cookie. Session Cookies will only be stored on a device until the web browser is closed. Persistent Cookies remain on the device after You have finished browsing until they expire or are deleted.
4.3. How can You disable Cookies placed on Your device?
You can usually use the web browser to enable, disable or delete Cookies. To do this, follow the instructions provided by the web browser (usually located within the “Help”, “Tools” or “Edit” settings). You can also set Your web browser to refuse all Cookies or to indicate when a Cookie is being sent.
Please note that if You set Your web browser to disable Cookies, You may not be able to access secure areas of the website, other parts of the website may also not work properly and some Service features may not function properly.
You can find out more information about how to change Your browser Cookie settings at www.allaboutCookies.org.
5. On what basis is Your Personal Data processed?
Your Personal Data is processed by Butterfly in the context of the Service on the basis of Your consent given in the framework of Your subscription to or use of the Service, as detailed in this Policy.
Please note that You are not in any way obligated to provide any information to Butterfly. Also, You have the right to withdraw Your consent at any time You choose and on Your own initiative as described in section 10 of this Policy. You however understand that in such cases, certain features of the Service may be limited or otherwise impacted.
Please note that Your Employer is Processing Your Personal Data for its own purposes, as described under section 3.1. Such Processing takes places on a legal basis determined by Your Employer. Please contact Your Employer should You have any questions in relation thereto.
6. Is Your Personal Data used for direct marketing communications?
If You have explicitly consented, Butterfly may, from time to time, contact You by email with information about our Service.
If You no longer want to receive email marketing from Butterfly, please let us know by sending an email to us at firstname.lastname@example.org. You can also unsubscribe from our marketing emails by clicking on the unsubscribe link in the emails Butterfly sends to You.
7. How long is Your Personal Data stored?
Your Personal Data will be stored for the duration of Your relationship with Butterfly and then put beyond use:
- 5 years after Your last use of the Service, if You did not close Your account;
- 2 years after the closing of Your account.
8. How is Your Personal Data shared with Third Parties?
Butterfly will display Your personal data on the Service only in accordance with Your authorisations and security preferences. The information that You provide for inclusion on the Service should reflect how much You want others users to know about You. Please consider this carefully before disclosing any information and recognise that the more content You provide the less anonymous You may be towards other users. You can review and revise Your user information at any time.
Butterfly may share or disclose information with Your consent and solely as described herein, including with Third Party application providers. In certain situations, Butterfly may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In the event Butterfly shares Your Personal Data in accordance with this Policy, Butterfly is not responsible for any Third Party’s use or disclosure of Your Personal Data. You should only use applications that You trust and that have privacy policies that You consider acceptable.
As described in this Policy, the Service may rely on Third Party tools (such as Google Analytics) in order to study the Service usage and performance. Many of these tools collect the information sent by Your web browser as part of a web page request (including Cookies and Your IP address). These tools receive the information provided to Butterfly and use it as governed by their own privacy policies.
Butterfly offers its Users the possibility to integrate its Service into existing Third Party applications (e.g. Microsoft Teams, Skype for Business etc.). If You choose to make use of this integration, please keep in mind that, in doing so, these Third Party applications will most likely receive some of Your Personal Data either directly by You or provided by Butterfly with Your consent. Therefore, please consider this carefully before disclosing information and only use Third Party applications that have privacy policies that You consider acceptable.
9. Is Your Personal Data transferred outside the EEA?
In the context of the provision of the Service and for the purposes described in this policy, Your Personal Data will be transferred outside the EEA and to countries not providing an "adequate" level of data protection, such as the United States.
When such a transfer happens, we ensure that it takes place in accordance with this Policy and that the necessary safeguards are put in place such as in particular:
- Ensuring that the transfer is regulated by Standard Contractual Clauses approved by the European Commission as ensuring an adequate protection for Users; or
- Ensuring that the transfer to the United States of America is done to an organisation that complies with the EU-US and Swiss-US Privacy Shield Framework as implemented by the U.S. Department of Commerce.
Butterfly, located in the United States of America, complies with the EU-US and Swiss-US Privacy Shield Framework as implemented by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from Europe and Switzerland to the United States. Butterfly has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If Third Parties process personal data on our behalf in a manner inconsistent with the principles of either Privacy Shield framework, we remain liable unless we prove we are not responsible for the event giving rise to the damage.
If you have a question or complaint related to our participation in the EU-U.S. or Swiss-U.S. Privacy Shield, we encourage you to contact us via email@example.com. For any complaints related to the Privacy Shield frameworks that cannot be resolved with us directly, we have chosen to cooperate with the relevant Data Protection Authority, or a panel established by the European DPAs for resolving disputes. Please contact us to be directed to the relevant DPA contacts. As further explained in the Privacy Shield Principles, binding arbitration is available to address residual complaints not resolved by other means. Butterfly is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
10. What are Your rights?
Once You have provided Your Personal Data, several rights are recognized under the GDPR, which in principle You can exercise free of charge, subject to statutory exceptions. In particular, You have the following rights:
- Right to withdraw consent. You have the right to withdraw Your consent at any time You choose and on Your own initiative. If You have entered into a contractual arrangement with Butterfly, You can do so directly by contacting Butterfly. If You have not done so, for example because You are an employee of an entity that entered into a contractual arrangement with Butterfly, You can contact your Employer. Your Employer will inform Butterfly of Your request to withdraw Your consent. The withdrawal of Your consent will not affect the lawfulness of the collection and processing of Your data based on Your consent up until the moment where You withdraw Your consent.
- Right to access, review, and rectify Your data. If You wish to review or rectify any information like Your name, email address, passwords and/or any other preferences, You can do so easily by changing Your settings under the 'My Account' section on our website. You may also request a copy of the Personal Data Butterfly holds about You by sending an email to firstname.lastname@example.org. You can access and review this information and, if necessary, ask to rectify Your information.
- Right to erasure. You have the right to erasure of all the Personal Data processed by Butterfly in case Butterfly no longer needs it for the purposes for which the Personal Data was initially collected or processed, in accordance with the GDPR.
- Right to restriction of processing. Under certain circumstances described in the GDPR, You may ask for a restriction of processing of Your Personal Data, such as when You have contested the accuracy of the Personal Data, for the period we need to verify the accuracy of this data.
- Right to data portability. You have the right to receive the Personal Data processed in a format which is structured, commonly used and machine-readable and to transmit this data to another service provider.
- Right to object to processing. Where Your Personal Data is processed for direct marketing purposes, You may object to such processing.
- Right to lodge a complaint with a Supervisory Authority. We are always available for any questions or complaints You may have. However, if You were to have any trouble with the way Your Personal Data is being handled in the context of the Service, You may contact the Supervisory Authority to lodge a complaint.
11. To what extent is Non-Personal Data used by Butterfly?
Butterfly may use Non-Personal Data for purposes that include testing IT systems, research, big data analytics, industry-wide analyses, statistics and reports, improving the Service, developing new products and features. Butterfly may create and publish such analyses and reports, including for commercial gain.
12. What security measures are put in place by Butterfly?
Butterfly implements, and undertakes that its Subprocessors implement, appropriate technical and organisational measures to ensure an appropriate level of security of Your Personal Data, including but without limitation:
- Socket Layer Technology ("SSL"). SSL is used for the encrypted transmission of data where necessary.
- Back Up. Continuous and regular data backups help prevent loss and assist in data recovery.
- Common Web Attacks. Protection against common web attack vectors, firewalls and access restriction are implemented.
- Secured data centres. Data is hosted in secure SAS 70 audited data centres,
In the event personal information is compromised as a result of a security breach and where the breach is likely to result in a high risk to the rights and freedoms, we will promptly notify those Users as required under the GDPR.
13. Does a disclaimer of warranties apply?
No method of electronic transmission or storage is completely secure.
To the largest extent permitted under applicable law, the Service is provided “AS IS” and we make no warranty, express or implied, concerning the security or integrity of any User data. All implied warranties, including without limitation the implied warranties of merchantability or fitness for a particular purpose, are hereby disclaimed.
14. What rules apply to children?
The Service is not intended for use by anyone under the age of 13 years.
Butterfly does not knowingly collect or solicit Personal Data from anyone under the age of 13 years or knowingly allow such persons to register for the Service.
In the event Butterfly learns that it has collected Personal Data from a child under the age of 13 years without verification of parental consent, steps will be undertaken promptly to remove that information. If You believe that we have or may have information from or about a child under 13 years of age, please contact Butterfly at email@example.com.
Butterfly shall not be responsible or liable for the practices employed by the owners or users of websites linked to or from the Service. Furthermore, we are not responsible or liable for the information or content on such Third Party websites.
16. Are posts in discussion rooms, blogs, etc. confidential?
Any information posted in a discussion room, group room, blog, or the like is considered publicly accessible and the User should not post any information it wishes to keep confidential.
18. How can You contact Butterfly?
67 West Street, unit 324,
Brooklyn, NY 11222,
United States of America.