1. Purpose and scope
For the purposes of the General Data Protection Regulation (or any successor or equivalent legislation in the UK) (“GDPR”), Research Space is the controller of your personal data. We can be contacted about data protection issues in writing at email@example.com.
2. What information is collected & why
We collect and use the following information to provide, improve and protect our Services:
Account. We collect, and associate with your account, information like your name and email). Some of our services let you access your accounts and your information with other service providers.
Services. When you use our Services, we store, process and transmit your files and documents you create.
Usage. We collect information from and about the devices you use to access the Services. This includes things like IP addresses, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information to the Services.
Cookies and other technologies. We use technologies like cookies to provide, improve, protect and promote our Services. For example, cookies help us with things like remembering your username for your next visit, understanding how you are interacting with our Services, and improving them based on that information. You can set your browser to not accept cookies, but this may limit your ability to use the Services.
3. With whom information is shared
We may share information as discussed below, but we won’t sell it to advertisers or other third-parties.
Other users. Our Services display information like your name and email address to other users in places like your user profile and sharing notifications. Certain features let you make additional information available to other users.
RSpace Enterprise Admins. If you are an RSpace Enterprise user, your administrator may have the ability to access and control your RSpace Enterprise account. Please refer to your employer’s internal policies if you have questions about this. If you are not an RSpace Enterprise user but interact with an RSpace Enterprise user (by, for example, joining a shared folder or accessing stuff shared by that user), members of that organization may be able to view the name, email address and IP address that were associated with your account at the time of that interaction.
Law & Order. We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to (a) comply with the law; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of RSpace or our users; or (d) protect Research Space’s property rights.
4. How we ensure data privacy
Security. We are committed to keeping your information secure and testing for vulnerabilities. We also continue to work on features to keep your information safe in addition to things like alerts when new devices and apps are linked to your account. You can find out more about our technical and organizational safeguards on our Security page.
Retention. We’ll retain information you store on our Services for as long as we need it to provide you the Services. If you delete your account, we’ll also delete this information. But please note: (1) there might be some latency in deleting this information from our servers and back-up storage; and (2) we may retain this information if that is necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.
5. EEA residents
If you are a resident of the EEA, we do not transfer your data outside the EEA. Third party services we work with that have access to your data, e.g. Segment, Intercom, will protect your personal data when it is transferred outside of the EEA by processing it in a territory which the European Commission has determined provides an adequate level of protection for personal data; or otherwise ensuring appropriate safeguards are in place to protect your personal data.
6. Your privacy rights and choices
Depending on your location and subject to applicable laws, you may have certain data protection rights. If you are a resident of the EEA or the UK you have the following data protection rights:
If you wish to access, correct, update or request deletion of your personal data, you can do so at any time.
You can object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data.
You have the right to opt-out of marketing communications we send you at any time. If you no longer wish to receive our newsletter and promotional communications, you may opt-out of receiving them by clicking on the “unsubscribe” or “opt-out” link in the communications we send you. Please note, however, that it may not be possible to opt-out of certain service-related communications. You can let us know at any time if you do not wish to receive marketing messages by contacting us on the Intercom Messenger or by contacting us using the contact details below.
Similarly, if we have collected and process your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA and the UK are available here.
You can exercise any of these rights by submitting a request to firstname.lastname@example.org.
If we are involved in a reorganization, merger, acquisition or sale of our assets, your information may be transferred as part of that deal. We will notify you (for example, via a message to the email address associated with your account) of any such deal and outline your choices in that event.