Our privacy notice applies across all websites that we own and operate and all services we provide, including all communications across our mobile app, as well as services we may offer such as events or training. For the purpose of this notice, we’ll just call them our ‘services’. If you are a Bulbshare user or a member of any Bulbshare community, this notice applies to you.
If we make any updates or significant changes to this notice, we’ll let you know – either by email or through an in–app push notification.
Who are we
In order for us to provide you with the opportunity to create and share content through the Bulbshare app, we need to collect personal data. Below, you’ll find a definition of what we mean by that.
Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as:
‘Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.’
The personal data we will ask from you will be the following: email address; full name; date of birth; gender; country; city; profile image; biography; phone number; social network account ID.
In the event that Bulbshare wishes to contact you for marketing purposes, we will always ask you for additional consent.
Google profile data
We use this information to improve our dashboard and reporting capabilities. This may include information about your profile follower count which helps understanding the potential reach of that user in the platform. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page.
Youtube API services
In addition to the Bulbshare normal procedure for deleting stored data, you will be able to revoke the data of YouTube API Services via the Google security settings page.
Who has access to your data?
There are two key stakeholders in the Bulbshare process, with regards to accessing and managing your data. These are:
The data controllers and processors: That’s us. We will have access to the data you share with us, and will pass it on to our clients.
The community members: That’s you.
Bulbshare LTD will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. Bulbshare LTD is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
The personal data we collect will be used for the following purposes:
- Login information: To help you efficiently access your information after you sign in and by remembering this information so you will not have to re-enter it during your visit or next time you visit the service.
- Contact Information: As a community member on Bulbshare, we use contact information to make you aware of new ways in which you can participate and engage with the Bulbshare platforms. We will also use contact information to respond to an inquiry which you submit to us. The main ways in which we will contact you will be through the in-app messaging system or email.
- How you use the Bulbshare platform: We use information about how you use our services to improve our services for you and all users. This may include analysing how much you use the application or analysing how you respond to different types of briefs.
- Device and browser data: We use device data both to troubleshoot problems with our service and to make improvements to it.
- Log data: We use log data for the following purposes:
- To monitor abuse and troubleshoot
- To create new services, features, content or make recommendations.
- To track behaviour at the aggregate/anonymous level to identify and understand trends in the various interactions with our services.
- To fix bugs and troubleshoot product functionality.
- Third parties and integrations: We will collect and use information from third parties and integration partners to facilitate community owners in sending new opportunities to engage with the Bulbshare platform to you. Unless required by law, Bulbshare will never transfer data to a third-party without the written permission of the user.
- Machine learning: We will use machine learning techniques on response data, metadata (as described above) and cookie data, in order to provide community owners with useful and relevant insights from the data they have collected using our services, to build features, improve our services and to develop aggregated data products. You can read more about this in relation to community members’ responses below.
- Internal usage: To manage our services we will also internally use your information and data, for the following limited purposes:
- To enforce our agreements where applicable.
- To prevent potentially illegal activities.
- To screen for and prevent undesirable or abusive activity. For example, we have automated systems that screen content for phishing activities, spam, and fraud.
- Legal uses: To respond to legal requests or prevent fraud, we may need to disclose any information or data we hold about you. If we receive a legal request, we may need to inspect the data we hold to determine how to respond.
We may also use your data for correspondence purposes such as account verification, changes/updates to features of the service, new briefs, technical and security notices. In any event, we are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy.
Our use of Community Member Responses (Bulbshares)
In general, community members’ responses to Bulbshare briefs are controlled and managed by the community owner (the organisation who sent or deployed that Bulbshare brief). In those instances Bulbshare is only processing those responses on behalf of the community owner.
Community owner and community member trust is paramount to everything we do and so when we do use data about community members, we put community owners and community members first. When we do analysis of response data we only do so once we have ensured the anonymity of individual respondents (by aggregating and anonymising the data).
Our goal is to improve the user experience across Bulbshare services while maintaining the confidentiality and privacy of responses. Bulbshare uses data in the ways described below, for legitimate interests pursued by the factors which are described in this section.
The data impacted by this section includes: survey type, question type and responses (at an aggregated and anonymised level only).
Bulbshare will use automated processes and machine learning to analyse survey responses, which in turn helps us to:
- Aggregate response data and activity: We will aggregate responses, activity and behaviour of community members so that we can identify trends, build product features that optimise responses, make product recommendations and provide guidance on which products and services work best in different scenarios. These product features also provide feedback and recommendations to increase response rates.
- Extract and analyse usage patterns: By understanding response data and respondent interaction in different types of Bulbshare briefs, we can:
Improve our services and ease of use: for example, we might identify when respondents prefer multiple choice versus open text questions and make predictive response suggestions when certain question types are selected. We might also use this data to help improve analysis of responses.
- Undertake personalisation for community owners and community members (for example, by customising the page on our website which a respondent sees at the end of a survey).
- Improve user experience (for example, by collecting and using device and browser information from community members to improve how our Bulbshare service operates on those devices and in those browsers).
- Identify insightful data trends (which never identifies any individuals).
We do not process any special category data relating to specific users. The personal data we do not process includes:
- Political opinions
- Religious beliefs
- Philosophical beliefs
- Trade union membership
- Genetic data
- Biometric data
- Health data
- Data concerning a natural person’s sex life
- Sexual orientation
Our legal basis for processing personal data:
- Consent by users.
Any legitimate interests pursued by us, or third parties we use, are as follows:
- Bulbshare does not sell or make available specific information about our customers or their clients, except as requested by a valid court order or otherwise required by law.
The purposes of processing Facebook data and deletion of that data
By default, this includes certain User’s Data such as id, name, picture, gender, birth date and locale. The service is using this data to create a fully personalised content feed.
We use your birthday data to confirm your age to only serve relevant content.
We use your gender data to only serve relevant content.
Your email represents your Bulbshare username. We use this data to verify your account.
Deletion of that data
As part of the GDPR policy, all users have the right to request their user data to be deleted from the platform. Users can submit the formal request via [email protected].
|3rd Party Service / Vendor||Purpose||Country||Website|
|AWS Amazon||Data hosting||Ireland, EU||https://aws.amazon.com|
|MailChimp||Email service provider||USA||https://mailchimp.com|
|Google Analytics||Product Analytics||USA||https://analytics.google.com|
|Crash Analytics||Product Analytics||USA||https://fabric.io|
|Drift||Chat service for customer support||USA||https://www.drift.com|
|Survey Monkey||Survey service for community onboarding||USA||https://www.surveymonkey.com|
Third Party Processors
Our carefully selected partners and service providers may process personal information about you on our behalf as described below:
When we share data, it may be transferred to and processed in countries other than the country you live in – such as to the United States, where some of our third party vendor’s servers are located. These countries may have different laws to the ones you’re used to. Not to worry though, where we disclose personal data to a third party in another country, we put safeguards in place to ensure your personal data remains protected.
For people in the European Economic Area (EEA), this means your data may be transferred outside of the EEA. Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data (like New Zealand), or to a third party where we have approved transfer mechanisms in place to protect your personal data – i.e., by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties). For further information, please contact us.
At any point while we are in possession of or processing your personal data, you have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing, such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
- Right to judicial review – in the event that organisation name refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below.
All of the above requests will be forwarded on should there be a third party involved (as stated above) in the processing of your personal data.