Prismic Privacy Policy

 

Revision: 20190931 - Effective Date: Sep 17th, 2019

Prismic.io Inc. (“Prismic”) knows that you care about how your Personal Data is used and shared and we take your privacy seriously. We've put together the following information so that you can learn about our Privacy Policy. By using or accessing Prismic’s Website or by using any of Prismic’s materials or services (the “Prismic Services”) in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and consent to the fact that we may collect, use, and share your information in any ways outlined in this Policy.

What does this Privacy Policy cover?

This Privacy Policy covers our treatment of personally identifiable information (“Personal Data”) that we may gather when you are accessing or using our Website or the Prismic Services, but not the practices of companies we don’t own or control, or people that we don’t manage. We gather various types of Personal Data from our users and we use this Personal Data internally as explained in more detail below. In certain cases, we may also share some Personal Data with third parties, but only as described below.

We do not knowingly collect or solicit Personal Data from anyone under the age of thirteen (13) years old. If you are under thirteen, please do not attempt to send any Personal Data to us. If we learn that we have collected Personal Data from a child under the age of thirteen we will delete that information as quickly as possible. If you believe that a child under thirteen may have provided us with Personal Data please contact us at dataprivacy@prismic.io.

EU-U.S. Privacy Shield

Prismic Io Inc complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles.  If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. Under certain conditions described on the Privacy Shield website, you may invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other dispute resolution procedures. Prismic's compliance with the Privacy Shield Principles is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

California Online Privacy Protection Act Compliance

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of Personal Data which we share with our affiliates and/or third parties for marketing purposes and for us to provide contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to: dataprivacy@prismic.io.

What information do we collect?

If you are a registered Prismic user, we collect the following Personal Data from you: your name, email address, and the IP address used when accessing the Prismic Services.

If you visit our Website or a website powered by the Prismic Services, we collect and store your IP address in accordance with applicable legal regulations.

Information that You provide to us

We may receive and store any information you knowingly provide to us, including information you post on our website and information in correspondence with us. Certain information may be required to take advantage of some of our features.

Information received from third parties

We may receive information about you from third parties who have represented to us that they have the authority and the legal right to collect and provide us with that information.  Those third parties may include customers of Prismic with whom you have a relationship, and providers of information who may have collected your information through a separate relationship with you, or from public records.

Information collected automatically

Whenever you interact with our Website, we automatically receive and record information on our server logs from your browser or device. This may include your IP address, device identification, “cookie” information, the type of browser and/or device you’re using to access our Website, and the page or feature that you have requested. “Cookies” are identifiers we transfer to your browser or device that allow us to recognize your browser or device and tell us how and when pages and features in our Website are visited and by how many people. You may be able to change the preferences on your browser or device to prevent or limit your device’s acceptance of cookies, but this may prevent you from taking advantage of some of our features. If you click on a link to a third-party website or service, such third party may also transmit cookies to you. Again, this Privacy Policy does not cover the use of cookies by any third parties and we aren’t responsible for their privacy policies and practices.

In addition, if you use any Prismic Services, we may collect information regarding your login, your account, and data you may process using the Prismic Services.  When we collect the usage information described above, other than to provide support related to your use of the Prismic Services, we only use this data in anonymized, aggregate form, and not in a manner that would identify you personally. For example, this aggregate data can tell us how often users use a particular feature of the Website and we can use that knowledge to adapt the Website to user needs and interests.

If Prismic has your Personal Data as a result of your relationship with one of Prismic’s customers, you should first contact that customer before contacting Prismic.

What do we use your information for?

We use the data we collect to operate our business and to provide the Prismic Services to you. This includes using the data to improve our services and to personalize your experiences. We may also use the data to communicate with you about your account, to provide security updates, or, among other things, to give you information about Services. We may also use the data to manage your email subscriptions, improve the relevance and security of our website, respond to user enquiries, send you periodic marketing communications about our Services, and improve the relevance of our advertising.

Will Prismic share any of your Personal Data?

We neither rent nor sell your Personal Data in personally identifiable form to anyone. However, we may share your Personal Data with third parties as described in this section.

Aggregated Anonymized Personal Data. We may anonymize your Personal Data so that you are not individually identifiable and provide that information to our partners to understand how often and in what ways people use our Website and the Prismic Services. However, we never disclose aggregate information to a partner in a manner that would allow an individual to be identified.

Agents: We may employ other companies and people to perform tasks on our behalf and may need to share your information with them in order to provide products or services to you; for example, we may use Google Analytics to track your usage of our Website. Unless we tell you otherwise, our agents do not have any right to use the Personal Data we share with them beyond what is necessary to assist us, unless otherwise described in this Privacy Policy.

Business Transfers: We may choose to buy or sell assets. In these types of transactions, customer information is typically one of the business assets that would be transferred. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Data could be one of the assets transferred to or acquired by a third party.

Prismic Customers:  If you are using the Prismic Services in connection with your work or relationship with one of Prismic’s customers, Prismic may disclose your Personal Data or any information related to your use of the Prismic Services to that company or organization.

Prismic Subprocessors: To support delivery of the Prismic Services, Prismic may engage and use third-party data processors with access to certain Personal Data (each a "Subprocessor"). Prismic current list of Subprocessors is available here.

Protection of Prismic and Others: We reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or court order; enforce or apply other agreements; or protect the rights, property, or safety of Prismic, our employees, our users, or others.

Promotional Activities:  We may use your Personal Data to contact you regarding Prismic products and services which we believe may be of interest to you or your organization.  You have the right to opt-out of receiving these messages as noted below.

Under the Privacy Shield Framework and in the context of an onward transfer, Prismic has responsibility for the processing of Personal Data it receives and subsequently transfers to a third party acting as an agent on its behalf. We shall remain liable under the Privacy Shield Principles if an agent processes such Personal Data in a manner inconsistent with the said principles unless we prove that we are not responsible for the event giving rise to the damage.

Is my Personal Data secure?

We endeavor to protect the privacy of your account and other Personal Data we hold in our records, but unfortunately, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time. In particular, you acknowledge that Prismic is not responsible for any loss of any passwords or login information which you receive for access to Prismic Services which results from your failure to keep that information secure.

Prismic uses the methods specified here to ensure and maintain the security of our Services.  Although we believe these methods are adequate, you acknowledge that no security measures are perfect or impenetrable and that any transfer of information is at your own risk.

What choices do I have?

You can always opt not to disclose information to us, but keep in mind some information may be needed to take advantage of some of our special features or may be required by your relationship with one of Prismic’s customers.

You have the right to request access or change to any Personal Data which Prismic may have by contacting us at dataprivacy@prismic.io. The information will be provided in a machine-readable format. You may also ask that we transfer the Personal Data to a third party, which we will do if technically feasible.

You also have the right to review, add, and update your Personal Data.  You may also request the deletion of your Personal Data where :

  • the Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed,
  • you withdraw consent for Prismic’s possession of the information on which the processing is based and where there is no other legal ground for Prismic’s retention of the information,
  • you object to Prismic’s possession of the information and there is no overriding legitimate basis for the retention,
  • the Personal Data has been unlawfully obtained or processed, or
  • the Personal Data has to be erased for compliance with a legal obligation in the European Union or other law to which Prismic is subject.

However, keep in mind that when you update information we may maintain a copy of the unrevised information in our records. Some information may remain in our records after your deletion of such information from your account. We may use any aggregated data derived from or incorporating your Personal Data after you update or delete it, but not in a manner that would identify you personally.

If Prismic has your Personal Data as a result of your relationship with one of Prismic’s customers, you should first contact that customer before contacting Prismic.

In compliance with the Privacy Shield Principles, Prismic commits to resolve complaints about our collection or use of your Personal Data.  European Union and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Prismic : 

  • by email at : dataprivacy@prismic.io
  • by mail at:
    Data Privacy Office
    New Prismic 
    9 rue de la Pierre Levée 
    75011 PARIS France

Prismic has further committed to cooperate with the panel established by the European Union data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning data transferred from the EU and Switzerland.

Marketing communications

If you provide us with an email address, you expressly consent to receive marketing communications from Prismic about your use of the Website, the Prismic Services, and our Products.  You can always choose whether or not you want to receive marketing communications from Prismic. You can also opt-out from marketing communications by using the opt-out link featured at the bottom of all of our communications.

Rights to Object or Restrict Processing of Personal Data.

If Prismic has your Personal Data as a result of your relationship with one of Prismic’s customers, you should first contact that customer before contacting Prismic. You may, however, at any time revoke your consent to the collection, processing, and use of your Personal Data by emailing dataprivacy@prismic.io.  Upon receipt of your request, Prismic will delete your personal data provided Prismic may retain any data which is required for billing and accounting purposes or which is subject to legal retention requirements. In addition, if you discover any errors in our data, you may contact us by emailing dataprivacy@prismic.io and we will correct it.

Right to be informed of the appropriate safeguards where Personal Data is transferred to a third country or to an international organization

If Prismic has your Personal Data as a result of your relationship with one of Prismic’s customers, you should first contact that customer before contacting Prismic.

Prismic enters into agreements with its customers regarding the safeguards that have been put in place to protect your Personal Data for transfer outside of the European Economic Area. For transfers to countries without an adequacy decision by the European Commission, Prismic puts appropriate safeguards through contractual obligations.

What if I have questions about this policy or if I want to report an abuse of this policy?

If you have any questions or concerns regarding our privacy policies, please send us a detailed message to dataprivacy@prismic.io and we will try to address your concerns.

Will Prismic ever change this Privacy Policy?

We’re constantly trying to improve our Website and the Prismic Services, so we may need to change this Privacy Policy from time to time.  We will provide notice of any changes on the Website by sending you an email and/or by some other means. Please note that those legal notices will still govern your use of the Website, and you are still responsible for reading and understanding them even if you haven’t provided us with your email, or if you have told us you do not want to receive emails from us. If you use the Website or the Prismic Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes.