Publication date July 19, 2021
Effective date September 1, 2021
Information We Collect
We collect a variety of personally identifiable information ("PII") about users of our Services in order to ensure a quality user experience. "PII" means information that we can use to identify or contact you, such as your name, address, telephone number, email address or other contact information. You are responsible for ensuring the accuracy of all PII that you submit to us. Inaccurate information may affect your experience when using the Services and/or our ability to contact you as described in this Policy. PII collected by us is protected as personal data under applicable data protection law. PII does not include "Aggregated Information" which is information or data we collect where individual user identities have been removed, including metadata on your use of the Services, IP address logs, device and location information. Aggregated Information helps us understand trends, user needs and other information to provide improved Services and may be used by us for any purpose. We may also collect other non-personally identifiable information about your use and interaction with our Services. "Non-personally identifiable information" means information where we cannot determine the identity of a natural person. Non-personally identifiable information is not treated as PII unless we combine it with or link it to PII that you give to us. If you do not wish to disclose any required information, then your sole remedies shall be to close this web tab, delete your Miro account and/or exit the Site.
How We Collect Information
Information You Give Us
We collect information that you give to us when you register or use our Services. When you register for a Miro user account ("Account") on the website or mobile application, you will be assigned a unique account identifier which will be associated with any information you give to us under your Account. You may also give us information to allow us to contact you or use certain features available through our Services without signing up for an Account, such as when you fill out a request form, provide feedback, email us, or engage in communications with our team. While you may use some functionality of the Services and/or Site without registering for an Account, most functionality and services will require that you register for an Account.
Customer Support Information
Your emails, calls and other correspondence to and from us may be recorded for various purposes including: monitoring customer service quality or compliance, checking accuracy of the information you provide us, preventing fraud or providing training for our staff or customer service representatives. Any information obtained from you through Customer support will be treated in accordance with the provisions of this Policy.
Information We Collect Automatically
Even if you do not provide information to us, we automatically collect certain information about your use and interaction with our Site and/or Services. For example, when you visit our website, our systems automatically maintain web logs to record data about all visitors who use our website and stores this information in our database. These web logs may contain information about you including the following: IP address, type(s) of operating system you use, type of device you use, date and time you visited the website, your activity and/or referring websites. We use your log information to troubleshoot problems, gather demographic information, customize your experience when accessing our Site, Services and other business purposes.
Information Collected From Other Sources
We may receive information about you from outside sources, such as commercially available demographic or marketing information, and add or combine it with your information to provide better service to you and inform you of Services or other information that may be of interest to you. Our Site offers you the functionality of using your social media credentials (e.g. Facebook, Google, Miro, etc.) to use single-sign-on to enter our Site, and in that manner, we may also collect certain information from you as you log on. We will not collect more information from you when using your social media credentials beyond the information such third parties disclose to us.
How We Use Information
We will use your information to provide and maintain our Site and Services, to improve your user experience, and for the other purposes described in this Policy. Miro uses your information in furtherance of our legitimate interests in operating our Site, Services and business. In particular, Miro uses your information to:
• Develop, research, process, safeguard, modify and improve our communications, the Site and Services.
• Send correspondence to your e-mail address, including sending password verification and retrieval links, billing, account management information, newsletters, answers to queries/suggestions and other notices related to the Site and Services.
• Improve your user experience and provide you with customer support.
• Investigate and help prevent security issues, abuse and breaches.
• As required by applicable law, legal process or regulation.
With Whom We Share Information
Disclosure With Your Consent
Where we are processing your information on behalf of a Customer, the Customer determines their own policies and practices for the sharing and disclosure of your information and Miro does not control how a Customer or any other third parties choose to share or disclose information. Where we are processing your information on our own behalf, we may disclose your information with your consent, which we may obtain in a number of ways, including:
• In writing;
• Online, by clicking on a link or button;
• Other mechanism.
Our Services permit you to submit information which may be displayed to other authorized users in the same or different Customer Account. The sharing and other controls applied to such information may be determined by you, other users and/or an administrator of your Account.
Disclosure Without Your Consent
In general, we may disclose your information without your consent to disclosure when we reasonably believe disclosure is appropriate in order to:
• Comply with the law (e.g., lawful subpoena or court order);
• Cooperate with or report to law enforcement agencies in investigations that involve users who use our Service Offerings for activities that are or seem illegal or illegitimate activities;
• Enforce or apply agreements for our Service Offerings; or
• Protect our rights or property or that of our affiliates, including respective officers, directors, employees, agents, third party content providers, suppliers, sponsors, or licensors (e.g., to address allegations about fraudulent or unlawful activity related to a Miro account).
• In connection with a merger, acquisition, public offering, sale of company assets, insolvency, bankruptcy, or receivership, subject to standard confidentiality requirements.
• To defend Miro and our affiliates, licensors, officers, agents and representatives from legal claims and processes brought to us by third parties (including takedown notices);
• Use or disclose aggregated or de-identified data in our sole discretion.
We may share your information with third parties as necessary to provide Services to you or to support the technical operation and/or maintenance of our Services, including third party application that you may engage within the Services. We may also share information with our affiliates, agents, outside vendors or service providers to perform functions on our behalf (such as cloud storage providers, analytics services, marketing and advertising services and external consultants and professional advisers). When a third party acts solely on our behalf and otherwise as applicable, we use reasonable commercial efforts to require that party to follow the privacy practices stated in this Policy or have complementary privacy protections to protect your information. We do not share your information with unaffiliated third parties except as permitted to do so in this Policy.
How We Protect Information
We use industry standard protocols and technology to protect your registered user information and personal data in order to guard and encrypt data for transmission in a format that prevents data theft by unauthorized third parties, including internal reviews of our data collection, storage and processing practices, security measures, and physical security measures. However, please take into account that the Internet and email transmissions are not secure or error free communication means. We also urge you to take additional steps on your own to safeguard and maintain the integrity of your information. For example, you should never share your Account or login information with other people and be sure to sign off when finished using a shared or public computer. We urge you to be aware that if you use or access our Services through a third party computer network (e.g., internet café, library) or other potentially non-secure internet connection, such use is not recommended and is solely at your own risk. It is your responsibility to check beforehand on the privacy and/or security policy of your network prior to accessing the Services. We are not responsible for your handling, sharing, re-sharing and/or distribution of your information except as set forth in the Policy.
What Choices and Rights Do You Have
Control Of Your Information
Customers will generally be able to edit, select or delete the amount and type of personal data they disclose to us when using our Site and services. This will be managed through your Account with us, the settings section of your account, the Site, and through the means mentioned in this Policy.
Your Privacy Rights
You may have certain rights in respect of your personal information under applicable data protection laws. Subject to any exemptions provided by law, this may include the right to:
• Access your personal information;
• Rectify or update your information, when inaccurate or incomplete;
• Request deletion of your information or, in certain circumstances, restrict our processing of your information;
• Object —with legitimate reasons— to the processing of your information;
• Revoke your consent for the processing of your information; and/or
• Request portability of your information.
As mentioned above, you are able to exercise some of these rights through your Account with us. Otherwise, if you wish to exercise your rights under applicable data protections laws please write to us using the details provided below and include, at a minimum, the following information: (i) your complete name, address and/or email address in order for us to respond to your privacy request; (ii) attached documents establishing your identity; and (iii) a clear and concise description of the personal information with regard to which you seek to exercise any of your privacy rights. If you request rectification, please indicate the amendments to be made and attach documentation to back up your request.
We will handle all privacy requests in accordance with applicable data protection laws. Upon receipt of your privacy request, and after due review of its merit, we may then fulfill your request. If you ask us to delete your information, please note that we may not be able to delete all of your information from our databases but, if that is the case, we will mark such information as permanently inaccessible.
If you are located in the European Economic Area, Switzerland or United Kingdom, you also have the right to lodge a complaint with your local data protection authority or the Dutch Data Protection Authority, which is Miro’s lead supervisory authority in the European Union:
Dutch Data Protection Authority Autoriteit Persoonsgegevens Postbus 93374 2509 AJ DEN HAAG Phone (+31) - (0)70 - 888 85 00 Fax: (+31) - (0)70 - 888 85 01 Website
Cookies and Beacons
Third Party Services
Our Site and services may also implement hyperlinks to the websites of our commercial partners and other third parties. If you click on such links, you are choosing to visit such websites, and will be redirected thereto. If you click on a third party link, our Policy and Service terms are no longer applicable and your browsing is at your own risk. We are not responsible for the privacy and personal data practices used by such third parties (including any tools, cookies, information or content contained thereinto), and we do not have control over the manner in which such third parties may collect, process, treat or use your personal data. You are strongly advised to check the privacy settings, policies and/or notices applicable to such third party sites and services prior to browsing or using such third party websites and/or services.
In addition, any banner or ad that we may have on our Site does not constitute any endorsement of any third party thereof.
Financial data and information
In order to enforce and uphold your right to privacy, you have the option to elect not to receive this type of advertising from us or third parties, now or in the future. The information generated by Google Analytics is transmitted to and stored by Google and is subject to Google’s privacy policies. To learn more about Google’s partner services and how to opt out of analytics tracking by Google, click here. You can also learn more about opting-out from personalized advertising on the Network Advertising Initiative website located at www.networkadvertising.org. In addition, you may set browser and system preferences for how other third parties serve ads to you.
Regional and International Provisions
International Data Transfers
Miro's headquarters and servers are located in the United States of America (‘USA’).This means that your personal information may be accessed and processed by us in the USA or in the USA and other countries where our affiliates, agents, partners, or third party service providers operate. If you are accessing our Site from other regions, you ought to know that you are thereby transferring your personal data to the USA or to any other country in which we operate.
Data Transfers outside the EEA, Switzerland and UK
If you are located in the European Economic Area, Switzerland or the United Kingdom (Europe), we take appropriate safeguards to ensure that your information remains protected in accordance with this Policy and applicable data protection laws when it is transferred and processed outside of Europe. This includes transferring your information to a country that the European Commission or UK authorities (as applicable) have determined provides an adequate level of protection for personal information, or by implementing standard contractual clauses with our customers, third party service providers and partners. We have also implemented certain additional safeguards to ensure your information remains protected, such as encrypting and pseudonymising information (where possible) and implementing strict security and access controls.
Legal basis to process your information
Notice to California Residents
If you are a California resident, you may be entitled to additional rights over your personal information, as detailed in this section.
California Consumer Privacy Act (CCPA) Notice for California residents:
Effective January 1, 2020, the California Consumer Privacy Act (CCPA) allows California residents to request from a business that collects personal information to give consumers access to and/or deletion of the personal information collected. Terms used in this CCPA Notice but not defined here will have the same meaning as defined under the CCPA.
1. Miro does not sell your personal information to third parties.
2. Miro discloses personal information for business purposes only.
• Business purposes can include such things as: providing our Services, maintaining and servicing accounts, providing customer service, processing or fulfilling orders and transactions, performing analytics and quality control, auditing transactions, researching and testing features and improvements, detecting and preventing fraud and security incidents, debugging or repairing technical errors, and marketing our Services.
• To request the categories of personal information that the business collected about you.
• To request the categories of personal information that the business disclosed about you for a business purpose.
• To request deletion of the personal information it has collected from you, subject to certain legal exceptions. For example, when the personal information is necessary to complete a transaction request or to comply with a legal obligation, Miro may claim an exemption to deletion of your personal information.
• The right to be protected from discrimination for exercising your CCPA rights. Businesses are prohibited from discriminating against you for exercising your rights under the CCPA, including by: (A) denying you goods or services; (B) charging you different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; (C) providing you with a different level or quality of goods or services; or (D) suggesting that you will receive a different price, rate, level, or quality of goods or services. Nothing prohibits a business from charging a different price or providing a different level or quality of service if the difference is reasonably related to the value provided to the consumer by the consumer’s data.
• Your rights under CCPA may be exempted as permitted under the statute, particularly if you use the Services as an employee or agent under a business account. Miro expressly reserves all rights to claim legal exemptions permitted under the CCPA.
For additional information about this CCPA Notice or to submit a CCPA request, please contact us.
California Online Privacy Protection Act
In compliance with CalOPPA, we have hereby posted this conspicuous Policy to the public, indicating the personal data being collected and the manner in which it may be disclosed and with whom. Accordingly, our users may visit our Site using anonymous browsing, this Policy linked in our home page, with the link including the word ‘Privacy’ or similar. We also comply with Policy change notification to our users, and provide mechanisms that allow our users to manage their personal data personal information.
California “Shine the Light”
In compliance with the California Civil Code Section 1798.83, we do not disclose your information to third parties for their own marketing purposes.
Miro does not knowingly collect any kind of information from persons under the age of thirteen (13). By using our Services and/or browsing the Site, you hereby represent and warrant that (i) you are at least thirteen (13) years of age — or older — as of the date of first access to the Site; and, (ii) if you are a minor (which may differ depending on the jurisdiction where you reside), you are accessing the Site under the direct supervision of your parent or legal guardian.
Miro may change this Policy from time to time as laws, regulations, industry standards and/or our business evolves. We will post the changes to this page and encourage you to review our Policy periodically to stay informed. If we make changes that materially alter your privacy rights, Miro will provide additional notice, such as via email or through the Services. If you disagree with the changes to this Policy, you should deactivate your Services Account. Contact your Account administrator if you wish to request the removal of your personal data under their control.
RealtimeBoard Inc. dba Miro 201 Spear Street Suite 1100 San Francisco, CA 94105 United States
To communicate with our Data Protection Officer, please email firstname.lastname@example.org.