Last Updated: May 25, 2018

Certain, Inc. through its Touchpoint division (“Touchpoint,” “we” or “us”) respects the privacy of its users and has developed this Privacy Policy to demonstrate its commitment to protecting your privacy. This Privacy Policy is intended to describe for you, as an individual who is a user of our iOS app, Android app and mobile site or our website, www.gatherdigital.com, or any other web-based or mobile service we offer (the “Service” or the “Touchpoint Service”), the information we collect, how that information may be used, with whom it may be shared, and your choices about such uses and disclosures.

We encourage you to read this Privacy Policy carefully when using our Service. By using our Service, you are accepting the practices described in this Privacy Policy.

Touchpoint complies with and commits to continue complying with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. Touchpoint has certified that it adheres to the EU-U.S. Privacy Shield Principles of notice; choice; accountability for onward transfer; security; data integrity and purpose limitation; access; and recourse, enforcement and liability. To learn more about the EU-U.S. Privacy Shield Program please visit https://www.privacyshield.gov. Please also reference our commitments to the Privacy Shield Principles toward the end of this Privacy Policy.

Touchpoint complies with the General Data Protection Regulation (“GDPR”). More information about your rights under GDPR can be found below.

If you have any questions about our privacy practices, please refer to the end of this Privacy Policy for information on how to contact us.

When providing our Service, our clients (usually a conference or program organizer) choose the types of personal information we process and the purposes of the processing. As a result, Touchpoint encourages consumers to first address any inquiries or complaints to the conference or program organizer. We welcome any unresolved questions or issues at [email protected]. If Touchpoint cannot resolve the complaint, Touchpoint is committed to:

1. Use the International Centre for Dispute Resolution (ICDR), a division of the American Arbitration Association (AAA), to resolve disputes (information about ICDR can be found at https://www.icdr.org/privacyshield )

or,

2. Cooperate and comply with the EU Data Protection Authorities (DPAs) to investigate unresolved complaints.

• The EU DPAs may be contacted directly via the information provided at https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en.
• The FDPIC may be contacted directly via the information provided at http://www.edoeb.admin.ch/index.html?lang=en

Information we collect about you

We obtain and process personal information in different capacities:

• As a data controller, we collect and process personal information directly from individuals, either via our publicly available website, www.gatherdigital.com, or in connection with our client, partner, and vendor relationships.
• As an agent (as that term is used in the EU-U.S. Privacy Shield Principles) and data processor (as that term is used under GDPR), we obtain and process personal information on behalf of and under the instructions of our clients in connection with the provision of our Service. In that context, clients are the data controllers or agents and the roles and responsibilities of the parties for the processing of personal information are defined in our agreements with clients.

In General. We may collect personal information that can identify you, such as your name and e-mail address and other information that you or our client provides to us. We may also collect information that does not identify you. When you provide personal information through our Service or through our website, the information may be sent to servers located in the United States and other countries around the world. We collect information and retain data about you solely for the purpose of enabling your use of the Service and for enabling our client to provide you with offers and capabilities relevant to your use of the Service.

• Information you provide. We may collect and store any personal information you enter on our Service or website or provide to us in some other manner, including through our clients. This includes identifying information, such as your name, e-mail address and image. We, directly or through our clients, also may request information about your interests and activities, your location (such as ZIP code and/or country), and other demographic or profile information and we may ask you to complete a survey. We may also collect information that you proactively provide as part of our Service, such as a photo attributable to you as the photographer that you have taken and proactively submitted for display to other end users of the Service.
• Information from other sources. We may also periodically obtain both personal and non-personal information about you from our clients, business partners, contractors, and other third parties and add it to our account information or other information we have collected. Examples of information that we may receive include: updated delivery and address information, your place of work, your professional title and additional demographic information.
• Editing your information or opting out of its display. You have a right to access your personal data. In some cases our clients will provide you with the ability to edit the information displayed about you directly in the Service. In other cases they will provide you with a contact with whom to communicate to edit the information on your behalf. You may opt out of the display of your information by communicating with our client or directly in the Service. You may also opt out of participation in attendee to attendee messaging.
• Opting in to the use of any sensitive information. Where such use or transfer of your personal data involves sensitive information as explained in the Principles of the EU-U.S. Privacy Shield Framework, you will have the right to opt-in before such use or transfer. When we are acting as the data controller, we will provide you with that opt-in. When we are acting as the agent, we advise our clients to provide you with that opt-in.

Use of cookies and other technologies to collect information. We use various technologies to collect information from your mobile device and about your activities on our Service.

• Information collected automatically. We automatically collect information from your mobile browser and device when you visit our Service. This information may include a unique identifier for your device, your device type, browser type and language, access times, the content of any undeleted cookies that your browser previously accepted from us, and any referring website address. We may also collect information about the location of your device and provide that information to our client, for the purpose of enabling certain capabilities such as localized offers through our service and to enable our client to improve its service. You may choose not to allow location-based services when you access our Service and may turn off location-based services at any time under settings on your device. If you do not allow or turn off location-based services, please note that you may not be able to use some of the features of our Service.
• Cookies. When you visit our Service, we may assign your mobile device one or more cookies to facilitate access to our Service and to personalize your experience. Through the use of a cookie, we also may automatically collect information about your activity on our Service, such as the pages you visit, the links you click, and the activities you conduct on our Service. Most browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies. If you choose to decline cookies, please note that you may not be able to use some of the features offered on our Service.
• Information collected by third parties. We may allow third parties, including our clients, conference sponsors and exhibitors and advertising companies to display advertisements on our Service. These companies may use tracking technologies, such as cookies, to collect information about users who view or interact with their advertisements. Our client may also offer exhibitors at their event the ability to scan a QR code located on the physical name tag badge you may be wearing or may have in our Service with your permission. The QR Code may contain identifying information about you, such as name, organization and email address. You may choose to not allow the scanning of any QR code identifying you.

Push notifications

• If you have enabled notification in the Service, we will push notifications through a push notification provider, such as Apple Push Notification Service or Google Cloud Messaging. You can manage your push notification preferences or deactivate these notifications by turning off notifications in the application or device settings.

How we use the information we collect

In general. We may use information that we collect about you to:

• operate the Service, such as display the conference, reunion, event or gathering information to you in a format appropriate for your specific mobile device;
• to deliver other products and services that you have requested;
• share information you have voluntarily provided about yourself with other registered attendees, sponsors and exhibitors who are attending the same conference, reunion, event or gathering;
• reflect choices you have made and make accessible information that you have provided in the Service, such as notes that you may take, on any device from which you may access our Service;
• provide you with customer support;
• perform research and analysis about your use of, or interest in, parts of our Service, content, or products, and services or content offered by others;
• communicate with you or allow our conference-planning clients, other attendees or sponsors or exhibitors to communicate with you by e-mail and/or mobile devices about products or services related to the specific conference, reunion, event or gathering that may be of interest to you;
• develop and display content and advertising tailored to your interests on our Service, such as the event sessions that you would like to attend;
• enforce our Terms of Service;
• manage our business; and
• perform functions as otherwise described to you at the time of collection.

With whom we share your information

We want you to understand when and with whom we may share personal or other information we have collected about you or your activities on our web site, while using our Service or through our conference-planning clients.

Personal information. We do not share your personal information with others except as indicated below or when we inform you and give you an opportunity to opt out of having your personal information shared. We may share personal information with:

• Other Users. Users, attendees, sponsors and exhibitors attending the same events as you will be able to view the personal information that you or our clients provide with your permission. However, to ensure your privacy, Touchpoint will not display or give out your e-mail address or any other contact information to other users except as otherwise described in this Privacy Policy. It is up to you to choose when you are comfortable disclosing your e-mail address, or any other contact information, to others through private communications.
• Our clients. For the purpose of understanding usage of our Service, interest level in certain aspects of the conference, reunion, event or gathering, and for other purposes, we may share personal information with our clients to offer you products, services, promotions, surveys and additional functionality on our Service.
• Our cloud services hosting providers and technology partners. To operate our Service, we may share personal information about you with our cloud services hosting providers and other technology providers in order to allow you access to the Service and use of certain capabilities in the Service, such as the ability to post a photo and view photos posted by others. Our cloud services hosting providers have certified to comply with the principles of the EU-U.S. Data Privacy Shield. Any technology providers with whom we might work who have not certified under the EU-U.S. Data Privacy Shield have signed contracts with us or have terms of service that explicitly protect the data privacy and security of any personal information that may be shared with them, and they agree to use that personal information solely for the purpose of delivering their service to us in order to enable our Service to our clients and you.

Other Situations. We also may disclose your information:

• In response to a subpoena or similar investigative demand, a court order, or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we may raise or waive any legal objection or right available to us.
• When we believe disclosure is appropriate in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to comply with applicable law or cooperate with law enforcement; or to enforce our website terms and conditions or other agreements or policies.
• In connection with a substantial corporate transaction, such as the sale of our business, a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.

Our clients who are hosting a conference, event or program in which you are participating from whom we may be given personal information about you and to whom we may disclose personal information may have their own privacy policies which describe how they use and disclose personal information. Those policies will govern use, handling and disclosure of your personal information as described in this Privacy Policy. If you want to learn more about their privacy practices, we encourage you to visit the websites of those clients.

Aggregated and non-personal information. We may share aggregated and non-personal information we collect under any of the above circumstances. We may also share it with third parties to develop and deliver targeted advertising on our Service. We may combine non-personal information we collect with additional non-personal information collected from other sources. We also may share aggregated information with third parties, including advisors, advertisers and investors, for the purpose of conducting general business analysis. For example, we may tell our clients the number of visitors to our Service and the most popular features or services accessed. This information does not contain any personal information and may be used to develop Service content and features that we hope you and other users will find of interest and to target content and advertising.

Third-party websites

There are a number of places on our Service where you may click on a link to access other websites that do not operate under this Privacy Policy. For example, if you click on an advertisement or a link on our Service, you may be taken to a website that we do not control. These third-party websites may independently solicit and collect information, including personal information, from you and, in some instances, provide us with information about your activities on those websites. We recommend that you consult the privacy statements of all third-party websites you visit by clicking on the "privacy" link typically located at the bottom of the webpage you are visiting.

Your Profile Information

You have the right to access your personal information. If you have not been asked by us or our clients to fill out an information profile nor have you expressed permission to include personal information on the Service, there will either be no personal information about you displayed or the personal information about you that will be viewable by other users, attendees, sponsors and exhibitors will typically be limited to your name, professional affiliation and title, and if the conference is a reunion, your class year, and/or other defining group chosen by our conference-planning clients. We will not publish your email address or other specific contact information on the Service without your consent, which may be obtained directly by us or through our conference-planning clients. If you have been asked to fill out a profile and you have elected to provide personal information, you will be given contact and other information at that time as to how you may change any profile information or opt-out of providing profile information. You can also opt out of the display of information about you directly in our Service. You can choose not to provide us with certain information, but that may result in you being unable to use certain features of our Service.

How we protect your personal information

We take appropriate security measures (including physical, electronic and procedural measures) to help safeguard your personal information from unauthorized access and disclosure. For example, only authorized employees are permitted to access personal information, and they may do so only for permitted business functions. In addition, we use encryption in the transmission of your sensitive personal information between your system and ours, and we use firewalls to help prevent unauthorized persons from gaining access to your personal information.

We want you to feel confident using our Service. However, no system can be completely secure. Therefore, although we take steps to secure your information, we do not promise, and you should not expect, that your personal information, searches, or other communications will always remain secure. Users should also take care with how they handle and disclose their personal information and should avoid sending personal information through insecure e-mail. Please refer to the Federal Trade Commission’s website for information about how to protect yourself against identity theft.

There are risks associated with providing and posting personal information and communications

We may provide areas on our Service where you can post information about yourself and others and communicate with others or upload content (e.g., pictures). Such postings are governed by our Terms of Service. You should be aware that whenever you voluntarily disclose personal information on a publicly-viewable service, that information will be publicly available and can be collected and used by others. For example, if you post your e-mail address, you may receive unsolicited messages. We cannot control who reads your posting or what other users may do with the information you voluntarily post, so we encourage you to exercise discretion and caution with respect to your personal information.

Children's privacy

Our website is a general audience site, and we do not knowingly collect personal information from children under the age of 13.

Opt–out

The Touchpoint Service provides a means for our clients to publish information in a format optimized for mobile devices. As such, we request that should you desire to opt-out of the display of your personally-identifiable information in the Touchpoint Service, you first contact our client, the conference planner or program organizer. You may also contact Touchpoint directly at [email protected] [email protected] with the subject “privacy policy”. Please include the name of the app you are using. Or you may call us at 919-932-4266.

Visiting our Service from outside the United States

If you are visiting our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where many of our third-party hosted servers are located and our central database is operated. The data protection and other laws of the United States and other countries might not be as comprehensive as those in your country. Please be assured that we seek to take reasonable steps to ensure that your privacy is protected. By using our services, you understand that your information may be transferred to our facilities and those third parties with whom we share it as described in this privacy policy.

Your EU Privacy Rights

If you are visiting the Site from the EU or where applicable EU data protection laws so provide, subject to certain limitation and exceptions, you may exercise the following rights regarding your personal data:

Access
You have the right to obtain from us confirmation if your personal data is being processed and certain information in this regard.

Rectification
You have the right the request the rectification of inaccurate personal data and to have incomplete data completed.

Objection
You have the right to object to the use of your personal data in certain circumstances, such as the use of your personal data for direct marketing.

Portability
You have the right to transfer your personal data to a third party in a structured, commonly used and machine-readable format, in circumstances where the personal data is processed with your consent or by automated means.

Restriction
You may request to restrict processing of your personal data if (i) you contest the accuracy of it; (ii) the processing is unlawful and you oppose the erasure of it and request restriction instead; (iii) we no longer need it, but you tell us you need it to establish, exercise or defend a legal claim; or (iv) you object to processing based on public or legitimate interest. Please be aware that we may need a period of time to verify your request and determine if we have overriding legitimate grounds to use it.

Erasure
You have the right to request that we delete your personal data in certain circumstances, such as when it is no longer necessary for the purpose for which it was originally collected.

Right to lodge a complaint
You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence, or the location where the issue that is the subject of the complaint occurred.

Right to refuse or withdraw consent
Please note that in the case where we ask for your consent to certain processing, you are free to refuse to give consent and you can withdraw your consent at any time without any adverse negative consequences, except that you may no longer be able to use some or all of the features of the Service. The lawfulness of any processing of your personal data that occurred prior to the withdrawal of your consent will not be affected.

If you have questions about exercising any of those rights or their applicability to any of our particular processing activities or have questions about any data transfer mechanism or want a copy thereof, you may contact us at [email protected] or at the address provided in the Contact Us section below.

Your California Privacy Rights

California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits California residents to request and obtain once a year, free of charge, information about the personal information (if any) that Touchpoint disclosed to third parties for the third parties’ direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please email your request to [email protected].

No Rights of Third Parties

This Privacy Policy does not create rights enforceable by third parties or require disclosure of any personal information relating to users of the Service.

Changes to this Privacy Policy

We will occasionally update this Privacy Policy to reflect changes in our practices and services. When we post changes to this Privacy Policy, we will revise the "last updated" date at the top of this Privacy Policy. We recommend that you check our website, www.gatherdigital.com, from time to time to inform yourself of any changes in this Privacy Policy or any of our other policies.

Our Commitment to the Privacy Shield Principles

1. Notice Touchpoint’s Privacy Policy above combined with our commitment to the EU-U.S. Privacy Shield Principles describes our privacy practices with respect to personal information received from the European Union in reliance on the Privacy Shield.
2. Choice When providing our Service, our clients choose the types of personal information we process and the purposes of the processing. Accordingly, our clients are responsible for providing notice to individuals. In the event personal information is (i) to be used for a purpose that is materially different from the purposes for which the personal information was originally collected or subsequently authorized, or (ii) transferred to a third party acting as a data controller, individuals will be given, where practical and appropriate, an opportunity to opt out of having their personal information so used or transferred where it involves non-sensitive information. Where such use or transfer involves sensitive information, individuals must opt-in before such use or transfer.

3. Data Integrity and Purpose Limitation Any personal information we receive may be used by Touchpoint for the purposes indicated in our above Privacy Policy or as otherwise notified to you. We will not process personal information in a way that is incompatible with these purposes unless subsequently authorized by you.

   We take reasonable steps to limit the collection and usage of personal information to that which is relevant for the purposes for which it was collected, and to ensure that such personal information is reliable, accurate, complete and current. Individuals are encouraged to keep their personal information with our client and with Touchpoint up to date and may contact Touchpoint as indicated below to request that their personal information be updated or corrected.

   We will retain your personal information in an identifiable form only for the period necessary to fulfill the purposes outlined in the this Privacy Policy unless a longer retention period is required or permitted by law or by the Principles. We will adhere to the Principles for as long as we retain the personal information collected under the Privacy Shield.

   When providing our Service, we process and retain personal information as necessary to provide our Service as permitted in our agreement with clients, or as required or permitted under applicable law.

4. Accountability for Onward Transfer of personal information Touchpoint may transfer personal information for the purposes described in the Privacy Policy to a third party acting as a data controller or as an agent. If we intend to disclose personal data to a third party acting as a data controller or as an agent we will comply with, and protect, personal information as provided in the Accountability for Onward Transfer Principle. When providing our Service we disclose personal information as provided in our agreement with clients.

   We remain responsible for the processing of personal information received under the Privacy Shield and subsequently transferred to a third party acting as an agent if the agent processes such personal information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.

5. Security Touchpoint takes reasonable and appropriate precautions, taking into account the risks involved in the processing and the nature of the personal information, to help protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction.

6. Access Where appropriate, individuals have reasonable access to their personal information and may request corrections, deletions, or additions where the personal information is inaccurate or has been processed in violation of the Principles. We may limit or deny access to personal information where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Principles. You may request access to your personal information by contacting us as described below.

   When providing our Service, we only process and disclose the personal information as specified in our agreements with clients. Our client controls how personal information is disclosed to us and processed, and how it can be modified. Accordingly, if you want to request access, or to limit use or disclosure of your personal information, please contact the company to which you submitted your personal information and that uses our Service. If you contact us with the name of our client to which you provided your personal information, we will refer your request to that client and support them in responding to your request.

7. Recourse, Enforcement and Liability Touchpoint has established procedures to periodically verify implementation of and compliance with the Principles. Touchpoint conducts an annual self-assessment of its practices regarding personal information, regularly engages in external verification of its data security, and also undertakes a SOC 2 audit, all intended to verify that the assertions Touchpoint makes about its practices are true and that such practices have been implemented as represented.

   In case of disputes, individuals are able to seek resolution of their questions or complaints regarding the processing of their personal information in accordance with the Principles. If an individual feels that Touchpoint is not abiding by this Notice or is not in compliance with the Principles, he or she should first contact Touchpoint at the contact information provided below.

   If an issue cannot be resolved through Touchpoint’s internal dispute resolution mechanism, you may submit a complaint to the International Centre for Dispute Resolution (ICDR), a division of the American Arbitration Association (AAA). (Information about ICDR can be found at (https://www.icdr.org/icdr/faces/icdrservices/safeharbor), which provides an independent third-party dispute resolution option based in the U.S. For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in the Principles available here.

   Touchpoint is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).

How to contact us

If you have any questions about this Privacy Policy or our information-handling practices, or if you would like to request information about our disclosure of personal information to third parties for their direct marketing purposes, please contact us by e-mail at [email protected]