Last Updated May 25, 2018
Welcome to Thinglink.com! Our mission is to create a more enlightened way of creating immersive content by providing an intuitive, unified platform to collaborate with others and unleash your creative energy. Here we describe how we collect, use, and handle your personal information when you use our Service.
- WHAT’S COLLECTED AND WHY?
We collect and use the following information to provide, improve, and protect our Services:
Information You Provide:
- Account Information. You can browse our site without providing personal information, but you must register in order to access most of the features of Service. Depending on how you interact with the Service, we may ask for certain information such as your legal name, email address, a description of your purpose when using the Service (business or education), your industry if your using the Service for business purposes, your role (teacher or student) and your school name and school district, if you’re suing the Service for educational purposes, and password when you create a Thinglink account. Depending on your Settings, some of this personal information may be displayed on your public profile and viewable to others on the Service.
- Optional Profile Information. After you setup your account, Thinglink members may also choose to provide additional information which may be shared with others on the Service or through your public profile, such as your name, email address, nickname or online alias, other Thinglink accounts you choose to follow, Immersive Images (as defined in the Content Information section below), websites, and other information relating to your User Content or your use of the Service. In connection with your use of the Service, we may also collect information created or provided by you, or that we otherwise receive, in connection therewith. For example, if you send or enable your users to send SMS messages through the Service, we will collect and maintain the call data (e.g., receipts, phone numbers, size, time of transmission, confirmations, etc.) and other message transmission and conversion data, which may include personal information.
- Payment and Billing Information. We also collect credit card or payment information for paid subscriptions. This information will be securely stored with a third party specialized in the handling of such information, such as a credit card payment gateway or other payment vendors.
- Content Information. Our Service is designed to make it simple for you to store your User Content, collaborate with others, and work across multiple devices to create unique, engaging visuals (“Immersive Images”). To make that possible, we store, process, and transmit your User Content as well as information related to it. This related information includes your profile information, which makes it easier to collaborate and share your User Content with others, as well as things like the size of the file, the time it was uploaded, collaborators, and usage activity. Our Service provides you with different options for sharing your User Content. You may provide us with information about you in draft and published User Content (such as for your Immersive Images). For example, if you create an Immersive Image that includes biographic information about you or someone else, we will have that information, and so will anyone with access to that Immersive Image if you choose to publish the Immersive Image publicly.
- Messages. If you correspond with us, you may also provide us information when you respond to surveys, communicate with our engineering or support teams about a question regarding the Service, or post a question about your User Content in our public forums.
- Telephone Information. If we telephone you, or you telephone us, to discuss our Service, we may collect personal information from you, including your name, company name, business address, phone number, job title, email address, whether you use the Service, information about your business needs, the number of users of our Service you require, and, if you telephoned us, how you heard about us, and any other information you choose to share with us by telephone.
Information We Collect Automatically:
- Device Information. Like most online service providers, we collect information that web browsers, mobile devices, and servers typically make available, such as the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information. Your devices (depending on their settings) may also transmit location information to the Services. We collect log information when you use our Service–for example, when you create or make changes to your Immersive Images.
- Usage Information. We collect information related to how you use the Service, including actions you take in your account (like sharing, editing, viewing, and moving files or folders). We use this information to improve our Service, develop new services and features, and protect Thinglink users.
- Location Information. We may determine the approximate location of your device from your IP address. We collect and use this information to, for example, calculate how many people visit our Service from certain geographic regions. We may also collect information about your precise location via our mobile apps (when, for example, you post a photograph with location information) if you allow us to do so through your mobile device operating system’s permissions.
- Stored Information: We may access information stored on your mobile device via our mobile app. We access this stored information through your device operating system’s permissions. For example, if you give us permission to access the photographs on your mobile device’s camera roll, our Service may access the photos stored on your device when you upload a photo to the Service to create an Immersive Image.
Information We Collect from Other Sources:
- Information We Receive from Social Networking Sites. We allow Users with certain third-party accounts (currently Users who have Google, Microsoft, Twitter, or Facebook accounts) to authenticate on the Service using those third-party accounts. We also allow Users to share their immersive Images on third party services, such as social networking services provided by others, for example, Facebook. If you create or log into your account on the Service through another third-party service or if you connect your Immersive Image on a social media service (like Twitter), we will receive information from that service (such as your username and other basic profile information) via the authorization procedures used by that service. The information we receive depends on which services you authorize and any options that are available. You should always review, and if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our website or Service.
- Third Party Analytics Services. We may also receive information from third party services to help us better understand you and how you use our Service.
Information Collected by Third Parties
Purposes for Collecting this Information:
We use information about you as mentioned above and for the purposes listed below:
- To provide you the Service, including for example, hosting your Immersive Images and billing you for the Service;
- To maintain, monitor, and improve the Service by adding new features, sharing new use cases, or making the Service easier to use;
- To monitor and analyze trends and better understand how you interact with our Service;
- For our own internal benchmarking, for example, to measure, and gauge the effectiveness of the Service, our advertising of the Service, and to better understand user retention and attrition–for example, we may analyze how many individuals purchased a plan after receiving a marketing message or the features used by those who continue to use our Service after a certain length of time;
- To prevent problems with our Service, protect the security of our Service, detect fraudulent transactions and other illegal activities, fight spam, and protect the rights and property of Thinglink and others, which may result in us declining a transaction or the use of our Service;
- To personalize your experience using our Service, remember your preferences on the Service so that you will not have to re-enter it during your visit or the next time you use the Service, target our marketing messages to groups of our Users (for example, those who have a particular plan with us or have been our user for a certain length of time), to serve relevant advertisements; and
- To communicate with you, for example through an email, about offers and promotions offered by Thinglink and others we think will be of interest to you, solicit your feedback, or keep you up to date on what we’re up to and our products. We give users the option to use some of our Services free of charge. These free Services are made possible by the fact that some users upgrade to one of our paid Services. If you register for our free Services, we will, from time to time, send you information about upgrades when permissible. For further information on your choices regarding your choices with regard to the use of your information for marketing purposes, see "Your Choices Regarding Your Information" below.
- LEGAL BASIS FOR COLLECTING AND USING INFORMATION
We collect and use the personal data described above based on the following grounds:
- Compliance with a legal obligation necessitates the use; or
- The protection of your vital interests or those of another person require the use; or
- We have a legitimate interest in using your information–for example, to provide and update our Service, to improve our Service so that we can offer you an even better user experience, to safeguard our Service, to communicate with you, to measure, gauge, and improve the effectiveness of our advertising, and better understand user retention and attrition, to monitor and prevent any problems with our Service, and to personalize your experience; or
- DISCLOSURE OF INFORMATION TO THIRD PARTIES
We won’t transfer information about you to third parties for the purpose of providing or facilitating third-party advertising to you. We won’t sell information about you either. We may share your personal information in the limited instances described below. For further information on your choices regarding your information, see "Your Choices Regarding Your Information."
- Other Users. Our Services display information like your name, profile picture, and email address to other users in places like your user profile and sharing notifications. You can also share Your Immersive Images with other users if you choose. When you register your Thinglink account with an email address on a domain owned by your employer, educational institution, or organization, we may help collaborators and administrators find you and your team by making some of your basic information—like your name, team name, profile picture, and email address—visible to other users on the same domain. This helps you sync up with teams you can join and helps other users share files and folders with you.
- Account Administrators. If your use of the Service is pursuant to an Agreement entered into by your employer, education institution, or other organization to which you belong, (e.g., Thinglink Business plans or Thinglink Education), your administrator may have the ability to access and control your Thinklink team account. Please refer to your organization’s internal policies if you have questions about this. If you are not a Thinglink group user but interact with a Thinglink group user (by, for example, accessing content shared by that user), members of that organization may be able to view the name, email address, profile picture, and IP address that was associated with your account at the time of that interaction.
- Third Parties at Your Request. Certain features let you make additional information available to the public. You may have the option to share your Thinglink activities with your friends, or through email, SMS text, or various social media sites or on your blog or website. Public information may also be indexed by search engines or used by third parties. Please keep all of this in mind when deciding what you would like to share.
- Other Applications. You can also give third-party providers access to your information and account—for example, via Thinglink APIs. Just remember that their use of your information will be governed by their privacy policies and terms.
- Company Transactions. Other parties in connection with any company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by another company or third party or in the event of bankruptcy or related or similar proceedings. Your information, including user names and email addresses, User Content, and other user information may be among the items sold or otherwise transferred in these types of transactions; and
- Aggregated and De-Identified Information. We may share information that has been aggregated or reasonably de-identified, so that the information could not reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our Service.
- YOUR CHOICES REGARDING YOUR INFORMATION
- Account Data. Thinglink does not verify the accuracy of the personal data you provide. All Thinglink profiles are typically made available to the public, however you may elect to make your content private. If you make all of the content on your profile private, then a your profile will not appear in a directory search of the Service, but a user may still be able to access your profile if they know the uniform resource locator (URL) address for your profile. You can edit and change your profile and account data through the Settings of your account. You have the right to inspect the personal data we have stored about you in the Thinglink User Register either via the Service (if we, in our sole discretion, offer such functionality) or by requesting it in writing from Thinglink. You can also choose not to provide the optional account information, profile information, and transaction and billing information. Please keep in mind that if you do not provide this information, certain features of our Services–for example, paid, premium Services–may not be accessible.
- Limit Access to Information On Your Mobile Device. Your mobile device operating system should provide you with the ability to discontinue our ability to collect stored information or location information via our mobile apps. If you do so, you may not be able to use certain features (like adding a location to a photograph, for example).
- Access to Data Controlled by Our Users. Thinglink has no direct relationship with the end users (usually students or employees) of our Users, whose personal information is contained within the personal data processed by our Services. An individual who seeks access, or who seeks to correct, amend, or delete personal information provided by our Users should direct their request to the specific User. You may also contact us at email@example.com if you have additional questions or concerns.
- Marketing Communications. If you do not wish to receive promotional emails, you can click the "unsubscribe" button on promotional email communications. If you opt out of promotional messages, we may still send you other messages, like those about your account and legal notices. We sometimes contact people who do not have a Thinglink account. For recipients in the EU, we or a third party will obtain consent before contacting you. If you receive an email and no longer wish to be contacted by Thinglink, you can unsubscribe and remove yourself from our contact list via the message itself
- Analytics Services. As noted above, analytics providers may set tracking technologies (like cookies) to collect information about your use of the Service, and potentially your use of other websites and online services. For more information about how to manage and delete cookies, visit aboutcookies.org. For further information on what information is collected by analytics service providers and why, see "What We Collect and Why."
- Set Your Browser to Reject Cookies. At this time, Thinglink does not respond to “do not track” signals across all of our Services. However, you can usually choose to set your browser to remove or reject browser cookies before using the Service, with the drawback that certain features of the Service may not function properly without the aid of cookies.
- Close Your Account. Of course, while it’s hard to say goodbye, we understand that sometimes you just need to move on. You can delete your information from within your account or close your account. To close your account, please contact us, and keep in mind that we may continue to retain your information after closing your account, as described in How Store Your Information below–for example, when that information is reasonably needed to comply with (or demonstrate our compliance with) legal obligations such as law enforcement requests, or reasonably needed for our legitimate business interests. We’ll use all commercially reasonable efforts to delete or anonymize your User Content upon request, but please be aware that due to the social nature of our Service, it may not be possible to completely remove all of your personally identifiable User Content if, for example, that content has been stored, republished, or reposted by another user or a third party.
- Take Your Data. You can download a copy of your content in a machine readable format as through the settings feature of your account. You can also ask us for a copy of personal data you provided to us.
- HOW WE STORE YOUR INFORMATION
- Security. Thinglink cares about the security of your information and uses commercially reasonable physical, administrative, and technological safeguards to preserve the integrity and security of all information we collect and that we share with our service providers. Personal data and backups are stored in protected databases located behind a firewall and with both physical and software-based access controls. However, no security system is impenetrable and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
- Location of Storage. To provide you with the Services, we may store, process, and transmit information in the United States and locations around the world—including those outside your country. Information may also be stored locally on the devices you use to access the Services.
- Retention. When you sign up for an account with us, we’ll retain information you store on our Services for as long as your account is in existence or as long as we need it to provide you the Services. If you delete your account, we will initiate deletion of this information within 30 days of your request. But please note: (1) there might be some latency in deleting this information from our servers and backup storage; and (2) we may retain this information if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.
- IMPORTANT NOTICE
- COPPA COMPLIANCE
- FERPA COMPLIANCE
The Family Educational Rights and Privacy Act (FERPA) provides parameters for what is permissible when sharing student information. ThingLInk is authorized by schools and districts under the FERPA “school official” exception to receive and use educational data to provide educational services. This data has significant educational value; apart from enabling the creation of accounts with which students access the Service, the data allows teachers to track student activity and assess student performance. This information is used only for academic purposes. We do not collect data for collection’s sake, and access is limited and appropriate. For specific information regarding our data handling practices with regard to student data, please refer to our Education Institution Terms and Conditions.
- CONTROLLERS AND RESPONSIBLE COMPANIES
Thinglink’s Services are worldwide. Different Thinglink companies are the controller (or co-controller) of personal information, which means that they are the company responsible for processing that information, based on the particular service and the location of the individual using our Services.
Depending on the Services you use, more than one company may be the controller of your personal data. Generally, the “controller” is the Thinglink company that entered into the contract with you under the Terms of Service for the the product or service you use. In addition, Thinglink Inc., our US-based company, is the controller for some of the processing activities across all of our Services worldwide.
The chart below explains the controllers for processing your personal information. We use the term “Designated Countries” to refer to Australia, Canada, Japan, Mexico, New Zealand, and all countries located in the European continent.
If you reside outside of the Designated Countries:
Thinglink, Inc. a Delaware corporation, 470 Ramona Street, Palo Alto, CA 94301
If you reside in the Designated Countries:
Thinglink Oy, a corporation formed in Finland, Business ID 2329185-9
VAT ID FI23291859
Lapinlahdenkatu 16, 00180 Helsinki, Finland
Thinglink, Inc. is also the controller for some of the processing activities related to Services provided by Thinglink Oy.
Have questions or concerns about Thinglink, our Services, and privacy? Contact us at firstname.lastname@example.org. If they can’t answer your question, you have the right to contact your local data protection supervisory authority.
- TRANSFERRING YOUR DATA
You can ask us for more information about the steps we take to protect your personal information when transferring it from the EU.
Personal Information we collect from kids under 13.
When a user creates a Thinglink account, we may ask for legal name, email address, a description of your role when using the Service (student, retailer, freelancer, etc.), and password and a birth date. If we determine the child is under 13 (a "kid"), we will ask for a parent's name and email address so that we can notify the parent that the kid has created an account at Thinglink and seek the parent's consent to allow the kid's participation. If the parent provides consent, we may collect additional information from the kid, including a profile avatar, which could include a photograph, or other content uploaded by the kid to the Service. The information we collect from kids may be directly linked to their actions on the Service.
Information collected through cookies and other technology.
How we use and share information collected from kids.
We use this information to operate, maintain and provide the functionality of the Service and to communicate with the kid and the parent about activities on the Service. We may also send Service-related emails (e.g., account verification, changes or updates to features of the Service, technical and security notices). Registered users cannot opt-out of Service related emails. When a kid under 13 creates a Thinglink account, we use the parent's email address to notify the parent of the kid's registration (see "How we notify parents of the data collection" below).
Our Service generally permits users to connect with others on the Service and to share information with others. Members under 13 have restricted sharing capabilities, though a kid under 13 may be permitted to share information in the following manner:
- Kids will share information automatically with a parent and the kid’s teacher(s) if the kid’s account is associated with a teacher or educational institution on the Service.
- Kids under 13 may share information about their use of the Service with third party social networks.
- Kids under 13 are not permitted to share their information publicly on the Service.
In addition, we may share a kid's personal information with:
- Other companies owned by or under common ownership as Thinglink, which includes our subsidiaries (i.e., any organization we own or control) or our ultimate holding company (i.e., any organization that owns or controls us) and any subsidiaries it owns. These companies will use the personal information in the same way as we can under this Policy;
- Third party vendors, consultants, contractors and other service providers that perform services on our behalf, in order to carry out their work for us, which may include content or service fulfillment, accounting, or providing analytics services;
We may also share information with others in an aggregated and anonymous form that does not reasonably identify any user, including our kid users, directly as an individual.
How we notify parents of the data collection.
We send parents an email when their kid creates an account at Thinglink and ask the parent to register with the Service and provide consent for the kid to use the Service. If the parent refuses to allow the kid's registration, we delete the kid's information from our databases. The kid will not be permitted to engage in the core functionality of the Service unless and until we receive verifiable parental consent to engage in such activity. Where the Service is used by a child for educational purposes, the educational institution may act as an agent of the parent for purposes of providing verifiable consent. At that time, the kid will be able to participate in the Service as permitted by the parent or educational institution acting on behalf of the parent.
How parents can access, change or delete information collected from their kids.
A registered user can modify personal data or delete a Thinglink account at any time by visiting the "Settings" page. may view, modify, and consent to the collection and use of the kid's personal information. A parent or child may contact us at any time by emailing us or by contacting us at the address below to review, change, and/or delete any information we have collected from a kid under 13 as well as to disallow any further collection or use of the child's information. We will take steps to verify the identity of anyone requesting personally identifiable information about a child and to ensure that the person is in fact the child's parent or legal guardian.