Commitment to Privacy

Last modified: 3 October 2022

Short Version

RequirementONE will:

• Collect your information only with your consent
• Only collect the information that is absolutely necessary to complete your task
• Not share or sell your data to third parties
• Only use it as this Privacy Policy describes
• Comply with the Privacy Shield framework
• Long Version

What information RequirementONE collects and why

Information from website browsers

If you're just browsing the RequirementONE website, we collect the same basic information that most websites collect. We use common internet technologies, such as cookies and web server logs. We collect this information from everybody, whether they have an account or not.

The information we collect about all visitors to our website includes the visitor’s browser type, language preference, referring site, additional websites requested, and the date and time of each visitor request. We also collect potentially personally-identifying information like Internet Protocol (IP) addresses.

Why do we collect this?

We collect this information to better understand and improve the website experience of visitors, and to monitor and protect the security of the website.

Information from users with accounts

If you create an account, we require some basic information at the time of account creation. You will create your own user name and password, and we will ask you for a valid email account. You also have the option to give us more information if you want to, and this may include "User Personal Information."

"User Personal Information" is any information about one of our users which could, alone or together with other information, personally identify him or her. Information such as a user name and password, an email address, a real name, and a photograph are examples of “User Personal Information.”

User Personal Information does not include aggregated, non-personally identifying information. We may use aggregated, non-personally identifying information to operate, improve, and optimize our website and service.

Why do we collect this?

We need your User Personal Information to create your account, and to provide the services you request.

We use your User Personal Information to identify you on RequirementONE. We use it to fill out your profile and share that profile with other users if you ask us to.

We will use your email address to communicate with you, if you've said that's okay, and only for the reasons you’ve said that’s okay. Please see our section on email communication for more information.

We limit our use of your User Personal Information to the purposes listed in this Privacy Statement. If we need to use your User Personal Information for other purposes, we will ask your permission first. You can always see what information we have, how we're using it, and what permissions you have given us in your user profile.

What information RequirementONE does not collect

We do not intentionally collect sensitive personal information, such as social security numbers, genetic data, health information, or religious information. Although RequirementONE does not request or intentionally collect any sensitive personal information, we realize that you might store this kind of information in your account. If you store any sensitive personal information on our servers, you are consenting to our storage of that information on our servers, which are, unless otherwise agreed, in the United Kingdom.

We do not intentionally collect information that is stored in your projects. Information in your projects belongs to you, and you are responsible for it, as well as for making sure that your content complies with our Terms of Service. RequirementONE employees do not access private projects unless required to for security or maintenance, or for support reasons, with the consent of the project owner.

If you're a child under the age of 13, you may not have an account on RequirementONE. If we learn or have reason to suspect that you are a user who is under the age of 13, we will unfortunately have to close your account.

Retention of User Personal Information

How long we keep information we collect about you depends on the type of information. After such time, we will either delete or anonymize your information or, if this is not possible, then we will securely store your information and isolate it from any further use until deletion is possible.

We retain User Personal Information that you provide to us where we have an ongoing legitimate business need to do so (for example, as needed to comply with our legal obligations, resolve disputes and enforce our agreements).

When we have no ongoing legitimate business need to process your User Personal Information, we securely delete the information or anonymize it or, if this is not possible, securely store your User Personal Information and isolate it from any further processing until deletion is possible. We will delete this information at an earlier date if you so request.

If you have elected to receive marketing communications from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our content, products, or services, such as when you last opened an email from us or ceased using your RequirementONE account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created

The data our customers collect by using the Subscription Service is retained according to the relevant agreements with our customers.

Legal basis for processing

The Data Protection Officer can be contacted via helpdesk@requirementone.com.

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.

How we share the information we collect

We do not share, sell, rent, or trade User Personal Information with third parties for their commercial purposes.

We do not disclose User Personal Information outside RequirementONE, except in the situations listed in this section or in the section below on Compelled Disclosure.

Third Parties

We do not host advertising on RequirementONE.

We may share User Personal Information with your permission, so we can perform services you have requested.

We may share User Personal Information with a limited number of third-party vendors who process it on our behalf to provide or improve our service, and who have agreed to privacy restrictions similar to our own Privacy Statement. Our vendors perform services such as payment processing, customer support ticketing, network data transmission, and other similar services. When we transfer your data to our vendors under Privacy Shield, we remain responsible for it.

We may share User Personal Information if we are involved in a merger, sale, or acquisition. If any such change of ownership happens, we will ensure that it is under terms that preserve the confidentiality of User Personal Information, and we will notify you on our website or by email before any transfer of your User Personal Information.

Customer testimonials

We post customer testimonials and comments on our Websites, which may contain Personal Information. We obtain each customer's consent via email prior to posting the customer's name and testimonial.

External Websites

Our websites provide links to other websites. We do not control, and are not responsible for, the content or practices of these other websites. Our provision of such links does not constitute our endorsement of these other websites, their content, their owners, or their practices. This Privacy Policy does not apply to these other websites, which are subject to any privacy and other policies they may have.

RequirementONE use of cookies and tracking

Cookies

RequirementONE uses cookies to make interactions with our service easy and meaningful. We use cookies (and similar technologies, like HTML5 localStorage) to keep you logged in, remember your preferences, and provide information for future development of RequirementONE.

A cookie is a small piece of text that our web server stores on your computer or mobile device, which your browser sends to us when you return to our site. Cookies do not necessarily identify you if you are merely visiting RequirementONE; however, a cookie may store a unique identifier for each logged in user. The cookies RequirementONE sets are essential for the operation of the website or are used for performance or functionality. By using our website, you agree that we can place these types of cookies on your computer or device. If you disable your browser or device’s ability to accept cookies, you will not be able to log in or use RequirementONE’s services.

Google Analytics

We use Google Analytics as a third-party tracking service. We use Google Analytics to collect information about how our website performs and how our users, in general, navigate through and use RequirementONE. This helps us evaluate our users' use of RequirementONE; improve the user experience; compile statistical reports on activity; and improve our content and website performance.

Google Analytics gathers certain simple, non-personally identifying information over time, such as your IP address, browser type, internet service provider, referring and exit pages, time stamp, and similar data about your use of RequirementONE.

Certain pages on our site may set other third-party cookies. For example, we may embed content, such as videos, from another site that sets a cookie. While we try to minimize these third-party cookies, we can’t always control what cookies this third-party content sets.

Heap Analytics

We use Heap Analytics as a third-party analytics service against the RequirementONE Servers. We may collect analytics data, to help us understand user navigation and click patterns so that we can improve the user experience.

Heap Analytics collects log file information from your browser or mobile device each time you access the Service. Log file information may include anonymous information such as your web request, Internet Protocol (“IP”) address, browser type, information about your mobile device, referring / exit pages and URLs, number of clicks and how you interact with links on the Service, domain names, landing pages, pages viewed, and other such information.

Tracking

"Do Not Track" is a privacy preference you can set in your browser if you do not want online services to collect and share certain kinds of information about your online activity from third party tracking services. We do not track your online browsing activity on other online services over time and we do not permit third-party services to track your activity on our site beyond our basic Google Analytics tracking, which you may opt out of here.

Because we do not share this kind of data with third-party services or permit this kind of third-party data collection on RequirementONE for any of our users, and we do not track our users on third-party websites ourselves, we do not need to respond differently to an individual browser's Do Not Track setting.

If you are interested in turning on your browser’s privacy and Do Not Track settings, the Do Not Track website has browser-specific instructions.

Please see our section on email communication to learn about our use of pixel tags in marketing emails.

How RequirementONE secures your information

No method of transmission, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.

RequirementONE takes all measures reasonably necessary to protect User Personal Information from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of User Personal Information. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it.

RequirementONE's global privacy practices

Information that we collect will be stored and processed in the United Kingdom in accordance with this Privacy Statement. However, we understand that we have users from different countries and regions with different privacy expectations, and we try to meet those needs.

We provide the same standard of privacy protection to all our users around the world, regardless of their country of origin or location, and we are proud of the levels of notice, choice, accountability, security, data integrity, access, and recourse we provide. We work hard to comply with the applicable data privacy laws wherever we do business.

To facilitate our global operations, we transfer information to either the United Kingdom or the United States and allow access to that information from countries in which the RequirementONE affiliated entities have operations for the purposes described in this policy.

Additionally, we require that if our vendors or affiliates have access to User Personal Information, they must comply with our privacy policies and with applicable data privacy laws, including signing data transfer agreements such as Standard Contractual Clause agreements.

In particular:

RequirementONE provides clear methods of unambiguous, informed consent at the time of data collection, when we do collect your personal data.

We collect only the minimum amount of personal data necessary, unless you choose to provide more. We encourage you to only give us the amount of data you are comfortable sharing.

We offer you simple methods of accessing, correcting, or deleting the data we have collected.

We provide our users notice, choice, accountability, security, and access, and we limit the purpose for processing. We also provide our users a method of recourse and enforcement. These are the Privacy Shield Principles, but they are also just good practices.

RequirementONE complies with the EU-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. RequirementONE has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Resolving Complaints

If you have concerns about the way RequirementONE is handling your User Personal Information, please let us know immediately. We want to help. You may email us directly at helpdesk@RequirementONE.com with the subject line "Privacy Shield Concerns." We will respond within a maximum of 45 days.

Dispute Resolution Process

In the unlikely event that a dispute arises between you and RequirementONE regarding our handling of your User Personal Information, we will do our best to resolve it. If we cannot, we have selected JAMS, an independent dispute resolution provider, to handle unresolved Privacy Shield complaints. If we are unable to resolve your concerns after a good faith effort to address them, you may contact JAMS and submit a Privacy Shield claim. JAMS is a US-based private alternate dispute resolution provider, and we have contracted with JAMS to provide an independent recourse mechanism for any of our users for privacy concerns at no cost to you. You do not need to appear in court; you may conduct this dispute resolution process via telephone or video conference. If you are not based in the EU, but you would still like to use the JAMS arbitration process to resolve your dispute, please let us know and we will provide access to you.

Independent Arbitration

Under certain limited circumstances, European Union individuals may invoke binding Privacy Shield arbitration as a last resort if all other forms of dispute resolution have been unsuccessful. To learn more about this method of resolution and its availability to you, please read more about Privacy Shield.

We are subject to the jurisdiction of the Federal Trade Commission.

How we respond to compelled disclosure

RequirementONE may disclose personally-identifying information or other information we collect about you to law enforcement in response to a valid subpoena, court order, warrant, or similar government order, or when we believe in good faith that disclosure is reasonably necessary to protect our property or rights, or those of third parties or the public at large.

In complying with court orders and similar legal processes, RequirementONE strives for transparency. When permitted, we will make a reasonable effort to notify users of any disclosure of their information, unless we are prohibited by law or court order from doing so, or in rare, exigent circumstances.

How you can access and control the information we collect
If you're already a RequirementONE user, you may access, update, alter, or delete your basic user profile information by editing your user profile or contacting RequirementONE Support.

Data Retention and Deletion

RequirementONE will retain User Personal Information for as long as your account is active or as needed to provide you services.

We may retain certain User Personal Information indefinitely, unless you delete it or request its deletion. For example, we don’t automatically delete inactive user accounts, so unless you choose to delete your account, we will retain your account information indefinitely.

If you would like to cancel your account or delete your User Personal Information, you may do so in your user profile. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile (within reason) within 30 days.

How we communicate with you

We will use your email address to communicate with you, if you've said that's okay, and only for the reasons you’ve said that’s okay. You have a lot of control over how your email address is used and shared on and through RequirementONE. You may manage your communication preferences in your user profile.

Depending on your email settings, RequirementONE may occasionally send notification emails about system maintenance, changes in a project you are a member of, new features, requests for feedback, important policy changes, or offer customer support. We also send marketing emails, but only with your consent. There's an unsubscribe link located at the bottom of each of the emails we send you.

Our emails might contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and what your IP address is. We use this pixel tag to make our email more effective for you and to make sure we’re not sending you unwanted email. If you prefer not to receive pixel tags, please opt out of marketing emails.

Changes to our Privacy Statement

Although most changes are likely to be minor, RequirementONE may change our Privacy Statement from time to time. We will provide notification to Users of material changes to this Privacy Statement through our Website at least 30 days prior to the change taking effect by posting a notice on our home page or sending email to the email address specified in your RequirementONE primary account. For changes to this Privacy Statement that do not affect your rights, we encourage visitors to check this page frequently.

Licensing

Privacy Policy from GitHub licensed under the Creative Commons Attribution license