1. Data Controller
1.1 “Referit,” “we,” “us,” “our,” or the “Company” means Referit Limited, of 73 Manchester Street, Christchurch, New Zealand company number 8145338
2. Processing activities covered
2.2 Visiting our offices;
2.3 Receiving communications from us, including emails, texts or fax;
2.4 Registering for our events;
2.5 Participating in community and open source development;
3. What Personal Data do we collect?
3.1 The data we collect from you. The Personal Data that we collect directly from you may include the following:
3.1.1 if you express an interest in obtaining additional information about our services, request customer support, use our “Contact Us” or similar features, register to use our websites, sign up for an event or webinar, or download certain content, we generally require you to provide us with your contact information, such as your name, job title, company name, address, phone number, email address, or username and password;
3.1.2 if you make purchases via our websites or register for an event, we may also require you to provide us with financial information and billing information, such as billing name and address, credit card number, or bank account information;
3.1.3 if you attend an event, we may, upon your consent, scan your attendee badge which will provide us with your name, title and company name, address, country, phone number and email address;
3.1.4 if you register for an online Engagement hub that we host, we may ask you to provide a username, photo and/or biographical information, such as your occupation, social media profiles, company name, and areas of expertise;
3.1.5 if you use and interact with our websites, we automatically collect log files and other information about your device and your usage of our websites through cookies, web beacons or similar technologies, such as IP addresses or other identifiers, which may qualify as Personal Data (view the “What device and usage data we process” section below);
3.1.6 if you visit our offices, you may be required to register as a visitor and to provide your name, email address, phone number, company name and time and date of arrival.
3.1.7 at Referit, we value the privacy of our users and are committed to collecting, using, and disclosing personal information in a responsible and transparent manner.
In connection with our services, we may collect and process information about your contacts and images stored on your device. This information is used to improve the functionality and user experience of our services.
We will only collect and process your contact and image information with your consent. We will not share your contact information with third parties without your explicit consent, except as required by law.
We take steps to secure your personal information and protect it from unauthorized access or misuse.
3.2 Personal Data we collect from other sources. We may also collect information about you from other sources, including third parties from whom we have purchased Personal Data, and combine this information with Personal Data provided by you. This helps us to update, expand and analyse our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you. In particular, we collect Personal Data from the following sources:
3.2.1 Business contact information, including mailing address, job title, email address, phone number, ‘intent data’ which is web user behavioural data, IP addresses, social handles, LinkedIn URL and custom profiles from third party data providers for the purposes of targeted advertising, delivering relevant email content, event promotion and profiling;
3.2.2 Referit uses commercially available platforms to manage code check-ins and pull requests. If you participate in an open source or community development project, we may associate your code repository username with your community account so we could inform you of program changes that are important to your participation or additional security requirements.
4. What device and usage data we process?
We use common information-gathering tools, such as log files, cookies, web beacons and similar technologies to automatically collect information, which may contain Personal Data, from your computer or mobile device as you navigate our websites or interact with emails we have sent you.
4.1 Log Files
As is true of most websites, we gather certain information automatically via log files. This collected information may include your Internet Protocol (IP) address (or proxy server), device and application identification numbers, your location, your browser type, your Internet service provider and/or mobile carrier, the pages, and files you viewed, your searches, your operating system and system configuration information, and date/time stamps associated with your usage. This information is used to analyse overall trends, to help us provide and improve our websites and to guarantee their security and continued proper functioning. We also collect IP addresses from users when they log into the services as part of the Company’s security features.
4.2 Cookies, web beacons and other tracking technologies
When you visit our websites, our servers or an authorized third party may place a cookie on your browser, which can collect information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track overall usage, determine areas that you prefer, make your usage easier by recognizing you and providing you with a customized experience.
We use both session-based and persistent cookies. Session cookies exist only during one session and disappear from your computer when you close your browser software or turn off your computer. Persistent cookies remain on your computer or device after you close your browser or turn off your computer.
We also use web beacons on our websites. For example, we may place web beacons in marketing emails that notify us when you click on a link in the email that directs you to one of our websites. Such tracking technologies are used to operate and improve our websites and email communications and track the clicking of links or opening of emails.
4.3 Notices on behavioural advertising and opt-out
As described above, we or third parties may place or recognize a unique cookie on your browser when you visit our websites for the purposes of serving you targeted advertising (also referred to as “online behavioural advertising” or “interest-based advertising”). To learn more about targeted advertising, advertising networks and your ability to opt out of collection by certain third parties, please visit the opt-out pages of the Network Advertising Initiative, here, and the Digital Advertising Alliance, here.
To manage the use of targeting or advertising cookies on this website, consult your individual browser settings for cookies. Various browsers may offer their own management tools for removing HTML5 local storage.
4.4 Opt-Out from the collection of device and usage data
You may opt-out from the collection of device and usage data (see “What device and usage data we process” section above) by managing your cookies at the individual browser level. In addition, if you wish to opt-out of interest-based advertising contact us. Please note, however, that by blocking or deleting cookies and similar technologies used on our websites, you may not be able to take full advantage of the website.
While some internet browsers offer a “do not track” or “DNT” option that lets you tell websites that you do not want to have your online activities tracked, these features are not yet uniform and there is no common standard that has been adopted by industry groups, technology companies or regulators.
Therefore, we do not currently commit to responding to browsers’ DNT signals with respect to our websites. Referit takes privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.
4.5 Social Media Features
Our websites may use social media features, such as the Facebook “like” button, the “Tweet” button and other sharing widgets (“Social Media Features”). You may be given the option by such Social Media Features to post information about your activities on a website to a profile page of yours that is provided by a third-party social media network in order to share with others within your network. Social Media Features are either hosted by the respective social media network or hosted directly on our website. To the extent the Social Media Features are hosted by the respective social media networks, the latter may receive information that you have visited our website from your IP address. If you are logged into your social media account, it is possible that the respective social media network can link your visit of our websites with your social media profile.
Referit also allows you to log in to certain of our websites using sign-in services such as Facebook Connect. These services will authenticate your identity and provide you the option to share certain Personal Data with us such as your name and email address to pre-populate our sign-up form.
Your interactions with Social Media Features are governed by the privacy policies of the companies providing the relevant Social Media Features.
4.6 Telephony log information
If you use certain service features, we may also collect telephony log information (like phone numbers, time and date of calls, duration of calls, SMS routing information and types of calls), device event information (such as crashes, system activity, hardware settings, browser language), and location information (through IP address, GPS, and other sensors that may, for example, provide us with information on nearby devices, Wi-Fi access points and cell towers).
5. Purposes for which we process Personal Data and the legal basis on which we rely
We collect, process your Personal Data for the purposes and on the legal bases identified in the following:
5.2 Promoting security of our websites: We will process your Personal Data by tracking use of our websites, creating aggregated, non-personal data, verifying accounts and activity, investigating suspicious activity, as well as violations of and enforcement of our terms and policies, to the extent this is necessary for the purpose of our legitimate interests in promoting the safety and security of the systems and application used for our websites, and protecting our rights and the rights of others;
5.3 Managing user registrations: We will process your Personal Data by managing your user account for the purpose of performing the contract with you according to any applicable terms of service;
5.4 Handling contact and user support requests: If you fill out a “Contact Me” web form, request user support, or if you contact us by other means, we will process your Personal Data for the performance of our contract with you and to the extent it is necessary for the purpose of our legitimate interests to fulfil your request and communicate with you;
5.5 Managing event registrations and attendance: We will process your Personal Data to plan and host the event or webinar, including related communication with you, on basis of the performance of our contract with you;
5.6 Managing payments: If you have provided financial information, we will process your respective Personal Data to check the financial qualifications and collect payments to the extent this is necessary for completing transaction with you under the contract entered into with you;
5.7 Developing and improving our websites: We will process your Personal Data to analyse trends, track your usage of our websites and interactions with emails to the extent this is necessary for our legitimate interests to develop and improve our websites and to provide our users with more relevant and interesting content;
5.8 Managing office visitors: We will process your Personal Data for security reasons, to register who visited our offices and who signed the
non- disclosure agreement that visitors may be required to sign.
5.9 Displaying personalized advertisements and content: We will process your Personal Data to conduct marketing research, advertise to you, provide personalized information about us on and off our websites, and other personalized content based upon your activities and interests to the extent it is necessary for our legitimate interests to advertise our websites or, where necessary, to the extent you have provided your prior separate consent (please also view “Your rights relating to your Personal Data” below to learn how you can control how your Personal Data is processed by Referit for marketing purposes);
5.10 Sending marketing communications: We will process your Personal Data to send you marketing information, product recommendations and other non-transactional communications (e.g., marketing newsletters, SMS, or push notifications) about us and our affiliates and partners, including information about our products, promotions or events as necessary for our legitimate interests to conduct direct marketing or to the extent you have provided your prior separate consent (please also view “Your rights relating to your Personal Data” section below to learn how you can control how your Personal Data is processed by Referit for marketing purposes);
5.11 Where we need to collect and process Personal Data by law, or under a contract we have entered into with you and you fail to provide that required Personal Data when requested, we may not be able to perform the contract.
5.12 Our use of information received from Gmail APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
6. Who do we share Personal Data with?
We may share your Personal Data with the following recipients:
6.1 Our contracted service providers which provide services such as IT and system administration and hosting, credit card processing, research and analytics, marketing, customer support and data enrichment; such service providers comprise companies located in the countries in which we operate.
6.2 If you attend an event or webinar organized by us, we may share your information with sponsors of the event if: (1) you consent to such sharing via an event registration form; or (2) you allow your attendee badge to be scanned at a sponsor booth. In that event, your information will be subject to the business partners’ respective privacy statements. If you do not wish for your information to be shared, you may choose not to opt-in via event registration or elect not to have your badge scanned at our events;
6.3 We may also share your Personal Data with other affiliates within the Referit corporate group to the extent this is necessary to fulfil a request you have submitted via our websites, or for customer support, marketing, technical operations and account management purposes;
6.4 In individual cases we may also share Personal Data with professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in countries in which they provide consultancy, banking, legal, insurance and accounting services: (a) necessary to provide or improve user-facing features that are prominent from the requesting App’s user interface, (b) to comply with applicable laws, or (c) a part of a merger, acquisition or sale of Our assets.
6.5 If we are involved in a merger or reorganization, sell a website or business unit, or if all or a portion of our business, assets or stock are acquired by another company, we may transfer some or all of your Personal Data to such third party. In accordance with applicable laws, we will use reasonable efforts to notify you of any such transfer of Personal Data to an unaffiliated third party as processing of your Personal Data will be required for the purposes set out in “Purposes for which we process Personal Data and on which legal bases” section above;
6.6 Any Personal Data or other information you choose to submit in communities, forums, blogs, or chat rooms on our websites may be read, collected, and/or used by others who visit these forums, depending on your account settings.
6.7 We may share anonymous and aggregated usage data and reports in the normal course of operating our business; for example, we may share information with other Services users, our customers or publicly to show trends or benchmark the general use of our Services.
7.International transfer of information collected
Your Personal Data may be collected, transferred to, and stored by us in the United States and by our affiliates in other countries where we operate.
Therefore, your Personal Data may be processed outside the EEA or the UK, and in countries which are not subject to an adequacy decision by the European Commission, and which may not provide for the same level of data protection in the EEA or the UK. In this event, we will ensure that such recipient offers an adequate level of protection, for instance by entering into standard contractual clauses for the transfer of data as approved by the European Commission. By submitting your Personal Data, you agree to this transfer, storing or processing outside of the EEA or the UK.
Our websites are not directed at children. We do not knowingly collect Personal Data from children under the age of 16. If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us as described in the “Contacting Us” section below and we will take steps to delete such Personal Data from our systems.
9.How long do we keep your Personal Data?
We may retain your Personal Data for a period of time consistent with the original purpose of collection (see “Purposes for which we process Personal Data and on what legal basis” section above). We determine the appropriate retention period for Personal Data on the basis of the amount, nature, and sensitivity of your Personal Data, the potential risk of harm from unauthorized use or disclosure, and whether we can achieve the purposes of the processing through other means, as well as the applicable legal requirements (such as applicable statutes of limitation).
After expiry of the retention periods, your Personal Data will be deleted, however we may retain Personal Data where reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, maintain security, prevent fraud and abuse, resolve disputes, enforce contracts, or fulfil your request to “unsubscribe” from further messages from us. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of the data.
We will retain de-personalised information after your account has been closed.
Please note: After you have closed your account or deleted information from your account, any information you have shared with others will remain visible. We do not control data that other users may have copied. Your profile may continue to be displayed in the services of others (e.g., search engine results) until they refresh their cache.
10.Your rights relating to your Personal Data
10.1 Your rights
You have certain rights regarding your Personal Data, subject to local data protection laws.
These include the following rights:
- to withdraw consent to the processing of your Personal Data;
- to access to your Personal Data;
- to request rectification or deletion of your Personal Data;
- to request a restriction on the processing of your Personal Data;
- to object to the processing of your Personal Data;
- the right to data portability (transfer of your Personal Data).
- the right to withdraw consent to processing of your Personal Data.
10.2 How to exercise your rights
To exercise any of your rights, please contact us in accordance with the “Contacting Us” section below. We will respond to all requests within 30 days and will contact you if we need additional information from you in order to honour your request. If you are an employee of a Referit customer, we recommend you contact your company’s system administrator for assistance in correcting or updating your information. In addition, if you have registered for an account with us, you may generally update your user settings, profile, organization’s settings, or event registration by logging into the applicable website with your username and password and editing your settings or profile. To update your billing information, discontinue your account, and/or request return or deletion of your Personal Data and other information associated with your account, please contact us.
10.3 Your rights relating to Customer Data
Where we process your Personal Data in our role as a processor of a Refer- It customer (see “Responsible Referit entity” section above) if you wish to exercise any rights you may have under applicable data protection laws, please inquire with our customer directly, who is the data controller. Because we may only access our customer’s data upon instruction from the respective customer, if you wish to make your request directly to us, please provide the name of the Referit customer who submitted your data when you contact us.
10.4 Your preferences for marketing communications
If we process your Personal Data for the purpose of sending you marketing communications, you may manage your receipt of marketing and non- transactional communications from us by clicking on the “unsubscribe” link located on the bottom of our marketing emails, by replying or texting ‘STOP’ if you receive SMS communications, or by turning off push notifications on our apps on your device. Additionally, you may unsubscribe by contacting us using the information in the “Contacting Us” section below. Please note that opting-out of marketing communications does not opt you out of receiving important business communications related to your current relationship with us, such as information about your subscriptions or event registrations, service announcements or security information.
We take precautions including organizational, technical, and physical measures, to help safeguard against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, the Personal Data we process or use.
While we follow generally accepted standards to protect Personal Data, no method of storage or transmission is 100% secure. You are solely responsible for protecting your password, limiting access to your devices, and signing out of websites after your sessions. If you have any questions about the security of our websites, please contact us via the “Contacting Us” section below.
12.Links to other websites
Our websites may contain links to other websites, applications and services maintained by third parties. The information practices of such other services are governed by the third-party privacy statements, which we encourage you to review to better understand those third parties’ privacy practices.
Email: [email protected]