Our Website, Platform and Marketing Privacy Policy
Last updated: January 2024
PLEASE READ THIS POLICY CAREFULLY
Protecting your personal information is very important to CrowdPrisma, owned by Holborn LLC (“Holborn LLC” “our”, “us” or “we”).
This policy sets out the basis on which any personal data about you will be processed and applies to: (i) activities on or through our publicly available website, https://crowdprisma.com/ (“Website”), and in connection with our software-as-a-service transcription platform known as ‘CrowdPrisma’ (“Platform”); and (ii) our direct marketing activities.
Our Website may contain links to third-party websites. If you follow a link to any of those third-party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third-party websites.
Identity and contact information of the Data Controller For the purposes of data protection legislation in the European Union, the data controller (i.e. the person that determines the purposes and manner in which your personal data are processed) in connection with:
- activities on or through the Website, and (i) Identity Data; (ii) Contact Data; (iii) Transaction Data; (iv) Technical Data; (v) Profile Data; and (vi) Usage Data on or through the Platform
- The Platform account holder, in connection with Content Data on or through the Platform. Holborn LLC is the data processor and merely processes personal data in accordance with the instructions given to us by the account holder.
Questions, comments and requests regarding this privacy policy are welcome and should be addressed to support@crowdprisma.com.
Personal information we may process about you Our Website operates primarily to market the Platform to individuals and organisations. To the extent we collect personal data via our Website, our main purpose is to better serve our potential customers and to improve the function of the Website. A breakdown of the personal data we may process is set out in the table below.
Personal data | Why are personal data processed? | Legal basis for processing | Period for which your data will be stored | Will your personal data be shared with third parties? | Transfers outside the European Economic Area | |
---|---|---|---|---|---|---|
1 | The IP address or other unique identifier of the device you used to access our Website. | To improve the function of the Website. | Processing is necessary for our legitimate interests (i.e. to understand who is visiting the Website). | 3 years | For analytics and error tracking purposes, may share this data with organizations such as Mixpanel Inc., Twitter Inc., Microsoft Corp., Google LLC and Meta Platforms Inc. or their or its affiliates. This helps us improve our Website. | Mixpanel Inc., Twitter Inc., Microsoft Corp., Google LLC and Meta Platforms Inc. or their or its affiliates may store and process this data in the USA. To ensure these transfers are lawful, we rely on the fact that each entity is certified as complying with the EU-US Data Privacy Framework regime. In the event they are not certified by the EU-US Data Privacy Framework regime, we will ensure another lawful mechanism exists. |
2 | Usage data (e.g. information about how you use our website) and other technical data (e.g. browser type and version, time zone setting and location). | To improve the function of the Website. | Processing is necessary for our legitimate interests (i.e. to understand who is visiting the Website). | 3 years | We may share this data with organizations such as Mixpanel Inc. for analytics and error tracking purposes. This helps us improve our Website. | Mixpanel Inc. stores and processes this data in the USA. To ensure this transfer is lawful, we rely on the fact that Mixpanel Inc. is certified as complying with the EU-US Data Privacy Framework regime. |
3 | Your first name, last name, email address, postal address and company name. | To enable us to engage in direct marketing (such as newsletters or marketing emails for products and services provided by us that we believe will be of interest to you). | Processing is necessary for our legitimate interests (i.e. direct marketing activities to customers and potential customers). | Until such time as you inform us you don't want to continue receiving marketing communications - you have the right to unsubscribe at any time. | We use third party CRM or analytics providers such as HubSpot Inc. to manage our sales and marketing activities. | HubSpot Inc. stores and processes personal information in the USA. To ensure this transfer is lawful, we rely on the fact that HubSpot Inc. is certified as complying with the EU-US Data Privacy Framework regime. |
4 | A record of any communication / correspondence you have with us (e.g. when you contact us by email, telephone or post). | To enable us to maintain records with our potential and actual clients. | Processing is necessary to take steps at your request prior to entering into a contract. If this doesn't apply, then you have provided your consent. | For up to 6 years | We may use third party hosted services such as Google to manage our activities. | We may use hosted services (such as Google) which stores and processes personal information in the USA or elsewhere. Where we do so, we will ensure that the transfer is lawful. |
5 | Any personal data that you provide to us as part of a survey. | To improve our Website or services. | Processing is necessary for our legitimate interests (i.e. to understand the requirements of our potential and actual clients). | For as long as we are using such data to improve our services and for a reasonable period afterwards. | We may use third party hosted services such as Google to manage our activities. | We may use hosted services (such as Google) which stores and processes personal information in the USA or elsewhere. Where we do so, we will ensure that the transfer is lawful. |
We may collect, use, store and transfer different kinds of personal data about you as a result of your activities on or through the Platform, which we have grouped together follows:
- Identity Data, which includes your first name, last name, social media profile, user ID, company name, job position and company department.
- Contact Data, which includes your email address and postal address.
- Content Data, any personal data which is contained within the audio or video file that you ask us to transcribe.
- Transaction Data, which includes details about payments to and from you and other details of services you have purchased from us.
- Technical Data, which includes your internet protocol (IP) address, your login data, browser type and version, time zone setting and location you use to access the Platform.
- Profile Data, which includes your password, subscriptions purchased by you, your preferences, feedback and survey responses.
- Usage Data, which includes information about how you use our Platform.
A breakdown of the personal data we may process is set out in the table below. Please note that third parties may collect personal data from you directly. For example, payment processors such as Stripe Inc. collect financial data (such as your payment card details) when you make payment to us on the Platform.
Why are personal data processed? | Personal data | Legal basis for processing | Period for which your data will be stored | Will your personal data be shared with third parties? | Transfers outside the European Economic Area | |
---|---|---|---|---|---|---|
1 | To register you as a new customer. | Identity Data, Contact Data and Profile Data. | Performance of a contract with you. | Until such time as you delete your account. | We share this data with organizations such as Atlas (t/a MongoDb Inc.), to help store user account information. | Atlas stores this data in the USA. To ensure this transfer is lawful, we rely on the fact that we have a contract in place with Atlas (i.e. the Standard Contractual Clauses) which is approved by the European Commission and gives personal data the same protection it has in Europe. |
2 | To process users’ access to the Platform, including ensuring secure access to the Platform | Identity Data, Contact Data and Profile Data. | Performance of a contract with you. Necessary to comply with a legal obligation. | Until such time as you delete your account. | We share this data with organizations such as Auth0, Inc., to ensure secure access to the Platform. | Auth0 Inc. stores this data in the USA. To ensure this transfer is lawful, we rely on the fact that Auth0, Inc. is certified as complying with the EU-US Data Privacy Framework regime. |
3 | To manage payments, fees / charges and to collect / recover money owed to us. | Identity Data, Contact Data and Transaction Data. | Performance of a contract with you. Processing is necessary for our legitimate interests (i.e. to recover debts due to us). | For as long as debts remain outstanding. | We will share your email address with Stripe Inc. so that payment receipts can be sent to you by email. | Stripe Inc. stores this data in the USA. To ensure this transfer is lawful, we rely on the fact that Stripe Inc. is certified as complying with the EU-US Data Privacy Framework regime. |
4 | To transcribe audio or video files. | Content Data. | Performance of a contract with you. Necessary to comply with a legal obligation. | Until such time as you delete the transcription or your account. | To help us store transcriptions, we share this data with organisations such as Atlas (t/a MongoDb Inc.), Transloadit Limited and Linode, Inc. or its affiliates. | Atlas, Linode, Inc. or its affiliates store this data in the USA. To ensure this transfer is lawful, we rely on the fact that we have contracts in place (i.e. the Standard Contractual Clauses) which is approved by the European Commission and gives personal data the same protection it has in Europe. |
5 | To manage our relationship with users which will include notifying users about changes to our terms or privacy policy. | Identity Data, Contact Data, Technical Data and Profile Data. | Performance of a contract with you. Necessary to comply with a legal obligation. | Until such time as you delete your account. | We may use third party CRM providers such as HubSpot Inc. to manage our sales and marketing activities. | HubSpot Inc. stores this data in the USA. To ensure this transfer is lawful, we rely on the fact that HubSpot Inc. is certified as complying with the EU-US Data Privacy Framework regime. |
6 | To administer and protect our business and the Platform (e.g. making users aware of new features or system issues, troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). | Identity Data, Contact Data and Technical Data. | Necessary for our legitimate interests (i.e. for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise). Necessary to comply with a legal obligation. | Until such time as you delete your account and a reasonable period thereafter. | We may share this data with organisations such as:Functional Software, Inc. (t/a Sentry) to help identify web application crashes that affect a given user; andMixpanel Inc. to provide user behavior tracking and in-app messaging.LogRocket, Inc. to provide user session debugging | Functional Software, Inc. (t/a Sentry) and Mixpanel Inc. may store this data in the USA. To ensure this transfer is lawful, we rely on the fact that Functional Software, Inc. (t/a Sentry) and Mixpanel Inc. are certified as complying with the EU-US Data Privacy Framework regime. CrowdPrisma has executed a GDPR-compliant DPA with LogRocket, Inc. |
7 | To use data analytics to improve our Platform, services, marketing, customer relationships and experiences. | Technical Data and Usage Data. | Necessary for our legitimate interests (i.e. to define types of customers for our services, to keep our Platform updated and relevant, to develop our business and to inform our marketing strategy). | As there is an annual seasonality in our business, we will retain data for analytics purposes for 3 years. | We may share this data with organizations such as Functional Software, Inc. (t/a Sentry) and Mixpanel Inc. for analytics and error tracking purposes. This helps us improve our Platform. | Functional Software, Inc. (t/a Sentry) and Mixpanel Inc. may store this data in the USA. To ensure this transfer is lawful, we rely on the fact that Functional Software, Inc. (t/a Sentry) and Mixpanel Inc. are certified as complying with the EU-US Data Privacy Framework regime. |
8 | Asking you to leave a review or take a survey. | Identity Data, Contact Data, Technical Data and Profile Data. | Processing is necessary for our legitimate interests (i.e. to understand the requirements of our clients). | For as long as we are using such data to improve our services and for a reasonable period afterwards. | We may use third parties to help us conduct surveys. | We may use services which store your personal information in the USA or elsewhere. Where we do so, we will ensure that the transfer is lawful. |
We also collect, use and share aggregated data such as statistical or demographic data for our business purposes. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
When you use the Website, we may send one or more “cookies” – a small data file – to your browser which are then stored on your computer. Cookies do not cause harm to your computer or the files stored on it. Cookies may include a very short alphanumeric text that help the more efficient operation of the Platform. You can instruct your browser to accept or reject all cookies, or indicate when a cookie is being sent. However, some features of the Website may not function properly if the ability to accept cookies is disabled.
Where we send electronic marketing communications we will provide an option to unsubscribe or opt-out of further communication, or you may opt out by contacting us at support@crowdprisma.com.
We will not sell your personal data (or any other data you provide us with) to third-parties for marketing purposes.
Personal information of respondents in a survey you upload All personal and sensitive information of survey respondents need to be excluded from all datasets uploaded to the Platform. Even though we run some simple checks on the dataset you submit for analysis in order to spot and delete any uploaded email addresses or names, we do not treat any of the accidentally included identifiable information differently. Therefore, it is your responsibility to provide us completely anonymous survey responses.
How personal data are collected We may obtain personal data about you in two main ways:
- Direct interactions. You may, for example, provide us with your personal data by filling in forms on our Website, by corresponding with us by post, phone, email or otherwise, or by providing us with your business card at an event. It includes personal data provided to us when an account is created or you subscribe to use our Platform.
- Automated technologies. Personal data may be collected automatically (such as the automatic recognition of your IP address or placement of cookies on your device).
Where we store your personal information The personal data that we collect from you is likely to be transferred to and stored at a destination outside of the European Economic Area (“EEA”). This data may also be processed by staff operating outside of the EEA who work for us or for one of our business partners or service providers. Further information is provided in the table above. Please contact us at support@crowdprisma.com if you would like further details on the specific safeguards applied to the export of your personal data outside the EEA.
Disclosure of your information We may also disclose your personal information to third parties in the following circumstances:
Purpose of disclosure and third party(s) to which disclosure might be made | Use justification |
---|---|
If you request we do so | You have provided your consent |
If Holborn LLC or substantially all of its assets are acquired by a third party, personal information about our customers will be one of the transferred assets. | Legitimate interests (i.e. to dispose of our business). |
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to protect the rights, property, or safety of Holborn LLC, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection. | Processing is necessary for compliance with a legal obligation, or processing is necessary in order to protect the vital interests of a natural person. |
We may disclose your personal information to third parties, the courts and/or regulators or law enforcement agencies in connection with proceedings or investigations anywhere in the world where we are compelled or believe it is reasonable to do so. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime. | Processing is necessary for compliance with a legal obligation, or processing is necessary in order to protect the vital interests of a natural person. Alternatively, legitimate interests (i.e. to cooperate with law enforcement and regulatory authorities). |
Your rights Under the General Data Protection Regulation (EU) 2017/676, you have various rights in relation to your personal data. All of these rights can be exercised by contacting us at support@crowdprisma.com.
You have the following rights in relation to your personal data: | Rights |
---|---|
Rights of Access | You have the right to obtain from us confirmation as to whether your personal data are being processed and, where that is the case, access to such personal data. |
Right to Rectification | We will use reasonable endeavors to ensure that your personal information is accurate. In order to assist us with this you should notify us of any changes to the personal information that you have provided to us by sending us a request to rectify your personal data where you believe the personal data we have is inaccurate or incomplete. |
Right to erasure / 'Right to be forgotten' | Asking us to delete all of your personal data will result in us deleting your personal data without undue delay (unless there is a legitimate and legal reason why we are unable to delete certain of your personal data, in which case we will inform you of this in writing). |
Right to restriction of processing | You have the right to ask us to stop processing your personal data at any time. |
Right to data portability | You have the right to request that we provide you with a copy of all of your personal data and to transmit your personal data to another data controller in a structured, commonly used and machine-readable format, where it is technically feasible for us to do so. |
Right to complain | You have the right to lodge a complaint to a supervisory authority such as the Information Commissioner's Office in the UK (see www.ico.org.uk). Although we encourage our customers to engage with us in the event they have any concerns or complaints. |
We will not ordinarily charge you in respect of any requests we receive to exercise any of your rights detailed above; however, if you make excessive, repetitive or manifestly unfounded requests, we may charge you an administration fee in order to process such requests or refuse to act on such requests. Where we are required to provide a copy of the personal data undergoing processing this will be free of charge; however, any further copies requested may be subject to reasonable fees based on administrative costs.
Where you request us to rectify or erase your personal data or restrict any processing of such personal data, we may notify third parties to whom such personal data has been disclosed of such request. However, such third party may have the right to retain and continue to process such personal data in its own right, for example to comply with its legal obligations.
Children under the age of 16 The Website is not aimed at children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are under 16, please do not use our services or provide any information to us through the Website. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at support@crowdprisma.com.
Security Measures We have implemented appropriate technical and organizational measures designed to secure your personal data from accidental loss and from unauthorized access, use, alteration, and disclosure. The safety and security of your information also depend on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website or Platform, you are responsible for keeping this password confidential.
Data Breach Notification In the unlikely event of a data breach, we will notify affected individuals and any applicable regulator when we are legally required to do so.
Changes to this policy Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, we will notify you, by email, or by means of a notice on our home page. Your continued use of the Website will be deemed acceptance by you of the privacy policy. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you and for periodically visiting this privacy policy to check for any changes.