LATTICEWORK, INC. PRIVACY NOTICE
EFFECTIVE: April 08, 2019
Latticework, Inc., a Delaware corporation (“LatticeWork”, “we”, “us”, or “our”) provides personal data storage products (the “Products”) and software applications available for macOS and Windows computers and iOS and Android mobile devices (the “Applications”) and related services, including cloud data storage and hosting services that we provide in connection with the Products and Applications (all of the foregoing, collectively referred to as the “Amber Platform”). Please read this Privacy Notice carefully to understand our policies and practices regarding our collection and use of your information.
In order to provide our Services, we collect and process certain personal information. This Privacy Notice (“Privacy Notice”) is intended to help you better understand how we process your personal information, and governs how LatticeWork may collect, use, store and disclose personal information that we obtain through or from the following (collectively referred to as the “Services”):
- Visit or use the LatticeWork website located at www.latticenest.com, www.latticehome.com, www.myamberlife.com, www.latticeworkinc.com, www.myamber.cloud or any other websites or domains owned or operated by LatticeWork on which an authorized link to this Privacy Notice is posted (the “Sites”);
- Purchase and use the Products and/or Services;
- Install, access and/or use the Applications;
- Access and use the Amber Platform;
- Visit or interact with our social media channels;
- Subscribe to our newsletters, marketing campaigns or participate in our surveys or giveaways;
- Contact our customer support; or
- Otherwise interact with us in your capacity as a customer or prospective customer.
We recommend that you read this Privacy Notice carefully as it provides important information about your personal data. It also tells you about your rights under the law that may protect you. This Privacy Notice is a part of and incorporated into the LatticeWork Terms of Service (the “Terms”). If any provision of this Privacy Notice is inconsistent or conflicts with any provision in the Terms, this Privacy Notice will control with respect to the subject matter hereof. By accessing or using the Services, or submitting information through the Services, you understand that you allow us to identify you, and you acknowledge and agree that you have read, understand, and agree to the terms of this Privacy Notice and agree to the collection, use, and disclosure of your personal information in accordance with this Privacy Notice. IF YOU DO NOT AGREE WITH OUR POLICIES AND PRACTICES, UNLESS OTHERWISE STATED, YOUR CHOICE IS NOT TO USE OR ACCESS THE SERVICES. This Privacy Notice is designed so that you can easily reach the section that you are interested in. You can also print the complete text of our Privacy Notice.
If you have any questions, comments, or concerns regarding this Privacy Notice and/or our data practices, or would like to exercise your rights, do not hesitate to contact us. See How to Contact Us About Privacy and Additional Legal Rights For Users in the European Economic Area below.
Who We Are
When we refer to or use “LatticeWork”, “we”, “us”, or “our” throughout this Privacy Notice it means Latticework, Inc., a Delaware Corporation. You can contact LatticeWork at: email@example.com or Latticework, Inc., 2210 O’Toole Ave, Suite 250, San Jose, CA 95131, United States of America; Attention: Privacy.
What Personal Information Do We Collect and How It Is Collected
Personal data, or personal information, means any information about an individual from which that person may be identified. For example, it may include your name, telephone number, email address, or payment information, and in some jurisdictions your IP address. It does not include data from which the identity of an individual has been definitively removed along with any identifiers connected to such individual (also known as anonymous or anonymized data). We will inform you when your information is required in order to process a request, respond to your queries or provide you with our Services. Note that if you do not provide this information, it may delay or prevent us from processing your request, responding to your query or providing our Services to you.
Information That You Provide to Us
How we collect personal information directly from you depends on how and why you use the Services. For instance, the information that you provide when you visit our Sites is more limited than the information you provide if you have registered to use the Amber Platform. Please be advised that we may ask you to update your information from time to time in order to keep it accurate.
IMPORTANT – PLEASE NOTE: if you provide personal data to us about someone else, you must ensure that you have the right to disclose that information to us and that, without us taking any further steps required by data protection laws, we may collect, use and disclose such information for the purposes described in this Privacy Notice. For example, you should ensure the individual concerned is aware of the terms detailed in this Privacy Notice. If you allow another person to sign into your account, you assume full responsibility for the actions of that individual on your account.
Account & Log in Information
When you register an account to access and use the Amber Platform you are required to provide us your email address. In addition, when you access your account you provide us your log in ID and password and/or other security codes. You may also provide us with voluntary information, for example, your first and last name, and certain preferences (e.g., language preferences).
User Content and Information
We collect the content and other information, for example photos and documents, you provide when you use our Products and Applications. This can include information in or about the content you provide (like metadata), such as the location of a photo or the date a file was created.
Direct Communications with us, Feedback and Support
If you provide us feedback or contact us via e-mail or through our “contact-us” forms, or in connection with support related inquiries, we will collect your first and last name, e-mail address and any information requested in our “contact-us” forms or support forms, as well as any other content included in the feedback or your e-mail or in the “contact-us” support inquiries you send to us.
Surveys, Giveaways and Marketing Campaigns
If you participate in our surveys, giveaways, or marketing campaigns, we may collect your name, mailing address, email, images and/or videos from which you may be identified, pictures and any other information requested and/or required with respect to your participation in the surveys, giveaways, and marketing campaigns.
Additional Services and Communications
We may provide certain additional services and/or communications if you select such additional services and/or communications by opting-in to such additional services and/or communications offered to you by us, including, for example, using certain buttons provided in the user interface of the Sites and/or the Applications.
Information Collected Indirectly
Mobile and Computer Device Information
When you use or interact with the Services, using a computer or a mobile device, or connect to or access the Amber Platform via the Apps, we, or our authorized third-party service providers, automatically collect information about the device with which you access and use the Amber Platform. For example, we may collect the following device information: hardware model, IMEI number and other unique device identifiers, MAC address, IP address, operating system version, and settings of the device you use to access the Services.
Product Usage Information
When you use the Products, we collect certain information directly from the Products themselves:
- Product Usage and Performance Information: We collect information about your use of the Products, including activities you perform using the Application, and activities we perform in connection with the Products. We also collect technical data from sensors built into the Products, which allow us to detect certain information such as Product performance.
- Technical Information from the Product: In order to improve your experience over time and help troubleshoot any problem you may encounter with the Products and/or Applications, we record device model and serial number, software version, and technical information such as sensor status, Wi-Fi connectivity, error logs, power status and battery charge level, and whether product features are working properly.
- Wi-Fi Network Information: To use your Product as part of, and in connection with, the Amber Platform, or to access your Product over the Internet from a computer, a smartphone or a tablet, you will need to connect it to your Wi-Fi network. During setup, the Product will ask for your Wi-Fi network name (SSID) and password to connect to the Internet. It will save this information on the device, along with your IP address, so that you can access it and control it from your computer, smartphone or tablet, and so that it can communicate with our servers and download software updates. Once connected to your Wi-Fi network, your Product regularly sends the data described above (excluding your Wi-Fi SSID and password) to LatticeWork so that we may provide you the Amber Platform.
- Product and Software Health Information: We automatically collect certain information related to the health/reliability of the products we offer to you. For example, if you own an Amber device, we automatically collect information pertaining to the Amber hardware reliability metrics such as hard disk drive SMART data. We may also automatically collect major software failure diagnostic information. We do this to continually improve the quality of our products and provide pro-active notification and follow up services to protect your data. We design the logs we automatically collect to contain non-personal information, though we do know who owns any particular device through the registered administrator or owner of the device. We also create logs on your devices that may contain personal information such as user names and file names. These logs can help us determine issues you encountered related to support requests you submit to us. These logs will stay on your devices for a certain period of time. If we determine that we need to review these logs, we may ask you to activate the transfer of these logs to our support personnel, but you have the ultimate control of whether to act on our request or not.
Information from Third Parties
In some instances, we process personal information from third parties, which consists of data and information from our partners, such as transactional data from providers of our e-commerce and payment services. For example, we do not directly collect your payment information and we do not store your payment information. We use Shopify as our e-commerce platform and Stripe, a third-party, PCI-compliant payment processor, which collects payment information on our behalf in order to complete transactions. While our administrators are able to view and track actual transactions via the Shopify and/or Stripe customer portal, with the exception of the last 4 digits of your credit card, credit card type, zip code and expiration date, we do not have access to or process your credit card information. Please review Shopify’s and Stripe’s Privacy Notices to learn more about how Shopify and Stripe collect, process and protect your personal information.
LatticeWork does not (and does not want to) collect any sensitive data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data. We do not collect any information about criminal convictions and offenses.
LatticeWork does not target the Sites or the Amber Platform to, and they are not intended for use by, children under the age of thirteen (13) or the equivalent minimum age in the relevant jurisdiction. Furthermore, we do not knowingly collect personal information from children under the age of thirteen (13), or the equivalent minimum age in the relevant jurisdiction. As a data storage platform, we understand that families may store photos and documents on the Amber Platform that depict or include personal information of children under the age of thirteen (13) or the equivalent minimum age in the relevant jurisdiction. In this case, by providing such information, you acknowledge, understand, agree and consent to the use of such data and information in accordance with this Privacy Notice. If we learn that personal information of persons under thirteen (13) or the equivalent minimum age in the relevant jurisdiction has been collected on or through the use of the Site or the Amber Platform, except in the limited circumstance set forth above, then we may deactivate the account and/or make such content inaccessible.
Why We Collect Your Personal Information and How We Use It
Our mission is to provide a safe, efficient and high-quality Service, and we, or our authorized third party service providers who assist us in providing the Services, process your personal information for this purpose. We process your personal data for the following reasons:
- In order to perform the Services under the contract we are about to enter into or have entered into with you. For example, when you register to use our Services, that’s a contract. This may also include disclosure to the third parties who help us perform our obligations to you in connection with your use of the Amber Platform, such as payment processors.
- Where it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests. For example, when we carry out fraud screening.
- Where we need to comply with a legal or regulatory obligation. For example, keeping records of our sales for tax compliance.
- If we have obtained your prior consent (for example, when you subscribe to our newsletter or participate in our surveys or marketing campaigns). Please note that for this specific legal basis, you have the right to withdraw your consent at any time.
Specifically, and depending on how you use the Services, we use your personal data in the following instances and for the noted reasons:
- Provide you with our Services (performance of a contract);
- Conduct checks to verify identity (performance of a contract or sometimes necessary for our legitimate interests);
- Send you direct marketing communications regarding LatticeWork’s products and services that we may think are of interest to you, unless you have otherwise opted out (for our legitimate business purposes and with your prior consent where you are not an existing customer);
- Respond to your queries and requests, or otherwise communicate directly with you (performance of a contract or sometimes necessary for our legitimate interests);
- Detect any fraudulent or illegal activity against you and/or LatticeWork (necessary for our legitimate interests);
- Perform system maintenance and upgrades, and enable new features (performance of a contract or sometimes necessary for our legitimate interests);
- Conduct statistical analyses (necessary for our legitimate interests);
- Provide information to regulatory bodies when legally required, and only as outlined below in Legal Obligations and Security (necessary for compliance with a legal obligation).
If you are an existing customer, and have not otherwise opted out, or if you have opted in to receive direct marketing emails from us, we may use your personal information to send you marketing information. For instance, when you request information about the Services, you will be asked if you wish to opt in to receive marketing communications from us for our products and services. This is what we call direct marketing. We carry out direct marketing by email. Unless you are an existing customer or a prospective customer, we rely on your consent to process the personal data you provide to us for this purpose. Therefore, if you no longer wish to receive such information, you have the right at any time to opt out of marketing emails and withdraw your consent at any time. The easiest way to opt out is to use the unsubscribe link that you will find at the bottom of each communication. You may also manage your preferences as further explained in Managing Your Preferences.
Managing Your Preferences
Direct Marketing
As explained above, LatticeWork enables you to manage your marketing preferences by clicking on a link contained in each electronic communication sent to you. Please use your preference settings to inform us of how you would like to receive marketing communications. Updates to your privacy preference information will be submitted once you have confirmed your changes.
Cookies
Outside the Site and Amber Platform, you may also manage your cookie and tracking preferences as follows:
- Turning off cookies in the preferences settings in your browser. For more information or additional guidance, please click here;
- Downloading the Google Analytics opt-out browser add-on here;
- Turning on the Do Not Track (“DNT”) setting in your browser, which will enable your browser to send a special signal to websites, analytics companies, plug in providers, and other web services you encounter while browsing to stop tracking your activity. To turn on your DNT signal, please click here.
Disclosure of Your Personal Information
Regardless of how you use the Services, we never sell or rent your personal data, and only disclose it to authorized third parties to the extent strictly necessary, as explained in this section. Aside from disclosing your information to those of our employees who are authorized to process the information in order to provide our Services and are committed to confidentiality, we disclose your personal information only to the third parties indicated below (and for the following reasons):
- Companies that do things to help us provide the Services: hosting service providers, user engagement and customer support providers, payment service providers, communication tools, and analytics tools;
- Professional service providers, such as auditors, lawyers, consultants, accountants and insurers;
- Governments, regulators, law enforcement and fraud prevention agencies, so we can help tackle and comply with law enforcement, but only as authorized in this Privacy Notice (see Legal Obligations and Security); and
- In the event of a business transfer.
Third-Party Service Providers
Specifically, depending on how you use the Services, the following third parties collect data on our behalf or receive your personal data in order to assist us in providing our Services:
- Google Analytics to perform analytics on the Sites (see how to opt out here);
- Shopify, an ecommerce platform where you can purchase our Products;
- Stripe, a subscription and payment service provider;
- Mailchimp, which sends emails on our behalf;
- Facebook, Twitter, LinkedIn, Adroll, and Hotjar, for usage and visitor analytics and to advertise our Products, Applications, Services and Amber Platform on other websites;
- Drift, to provide chat capabilities with visitors to the Sites;
- Zendesk, to provide customer support capabilities;
- Instabug, to provide bug and error reporting with respect to the Site and Applications.
To provide the Services and other various services to you, we may use the efforts of our parent company, and any subsidiaries, joint ventures, or other companies, existing or formed in the future, under a common control (collectively, “Affiliates”). We may share some or all of your Personal Information with our Affiliates in which case we will require our Affiliates to comply with this Privacy Notice.
We may also share data with third parties to whom we choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice or as updated.
Legal Obligations and Security
Subject to the limitations in this Section 8(c), we will preserve, use, or disclose your personal data if we believe that it is necessary to comply with a law, regulation, legal process, or legitimate governmental request; to protect the safety of any person; to protect the safety or security of our Service or to prevent spam, abuse, or other malicious activity of actors on our Service; or to protect our rights or property or the rights or property of those who use our Services. Non-public information about our users will not be released to law enforcement except in response to an appropriate legal process such as a subpoena, court order, or other valid legal process that has been reviewed by LatticeWork. If, however, we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), to be determined on a case-by-case basis.
Third Party Links
Third Party Social Plugins
How Long Do We Keep Your Personal Information?
Your personal information is processed for the period necessary to fulfill the purposes for which it is collected, to comply with legal and regulatory obligations and for the duration of any period necessary to establish, exercise or defend any legal rights. In order to determine the most appropriate retention periods for your personal information, we consider the amount, nature and sensitivity of your information, the reasons for which we collect and process your personal data, and applicable legal requirements. For example,
- Personal data is stored for the duration of the commercial relationship and then retained only as required to satisfy applicable contractual, legal and financial retention obligations, after which it is deleted or archived (only if necessary to comply with legal retention obligations for the latter);
- Usage information is stored for ten years to comply with contractual and security requirements.
In some circumstances, you can ask us to delete your data. See Additional Legal Rights For Users in the European Economic Area below for further information. Some exceptions from static retention periods may occur. For instance, we cannot delete personal data when there are legal obligations to retain it (e.g. arising from tax or commercial law). This is particularly true of financial data and payment information. Additionally, we cannot delete personal data when it is needed for the establishment, exercise or defense of legal claims (also known as a “litigation hold”). In this case, the personal data will be retained as long as needed for exercising respective potential legal claims. In some instances, we may choose to anonymize your personal data instead of deleting it, for statistical use, for instance. When we choose to anonymize, we make sure that there is no way that the personal data can be linked back to you or any specific user.
Protecting Your Personal Data
We have put in place appropriate security measures designed to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. For example, we use encryption, secure socket layer, firewalls, and password protection. In addition, we require VPN authentication for all employees and contractors who may access your data to provide our Services, and we limit access to those employees, agents, contractors and the third parties who have a business need-to-know. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. We also require those parties to whom we transfer your personal information to comply with the same. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure, and while we take all reasonable steps necessary to provide the most secure Service, by using the Services, you assume the risks associated with your activities on the internet.
While LatticeWork is committed to protecting your privacy, it is your responsibility to ensure that to the best of your knowledge the information and data you provide us is accurate, complete and up-to-date. It is also your responsibility that in the event you share personal information of other people with us, you collect such personal information in compliance with local legal requirements and that you have the appropriate consent to share such personal information. At a minimum, you should inform any such people about this Privacy Notice and obtain their consent prior to sharing their Personal Information with LatticeWork or through the Services.
Additional Legal Rights For Users in the European Economic Area
If the GDPR applies to you because you are in the European Economic Area, you have certain rights in relation to your personal data:
- The right to be informed – that’s an obligation on us to inform you how we use your personal data (and that’s what we’re doing in this Privacy Notice);
- The right of access – that’s a right to make what’s known as a ‘data subject access request’ for a copy of the personal data we hold about you;
- The right to rectification – that’s a right to make us correct personal data about you that may be incomplete or inaccurate (though we generally recommend first making any changes in your account settings);
- The right to erasure (also known as the ‘right to be forgotten’) – that’s where in certain circumstances you can ask us to delete the personal data we have about you (unless there’s an overriding legal reason we need to keep it);
- The right to restrict processing – that’s a right for you in certain circumstances to ask us to suspend processing personal data;
- The right to data portability – that’s a right for you to ask us for a copy of your personal data in a common format (for example, a .csv file);
- The right to object – that’s a right for you to object to us processing your personal data (for example, if you object to us processing your data for direct marketing); and
- Rights in relation to automated decision-making and profiling – that’s a right you have for us to be transparent about any profiling we do, or any automated decision-making.
These rights are subject to certain rules around when you can exercise them. If you are located in the European Economic Area and wish to exercise any of the rights set out above, please contact us (see How to Contact Us About Privacy). You will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We will respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law. In addition, if you no longer wish to receive our marketing/promotional information, we remind you that you may withdraw your consent to direct marketing at any time directly from the unsubscribe link included in each electronic marketing message we send to you. If you do so, we will promptly update our databases, and will take all reasonable steps to meet your request at the earliest possible opportunity, but we may continue to contact you to the extent necessary for the purposes of providing our Services. Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority so please contact us first. 
If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact us using the details in How to Contact Us About Privacy below.
How to Contact Us About Privacy
If you have any questions about this Privacy Notice, have additional questions, or would like to exercise any of your rights, please contact us at: (i) firstname.lastname@example.org, if you are located in the European Economic Area, and (ii) email@example.com, if you are located outside the European Economic Area. You may also write us at: Latticework, Inc., 2210 O’Toole Ave., Suite 250, San Jose, California, 95131, United States of America; Attention: Privacy.
Changes to this Privacy Notice
LatticeWork may need to update this Privacy Notice from time to time. If so, we will post an updated Privacy Notice on our Service along with a change notice on the Services. If we make significant changes, we may also send registered users a notice that this Privacy Notice has been changed. We encourage you to review this Privacy Notice regularly for any changes. Your continued use of the Services and/or your continued provision of personal data to us after the posting of such notice will be subject to the terms of the then-current Privacy Notice.
© 2019 Latticework, Inc.