Data Privacy and GDPR Compliance
The GDPR (General Data Protection Regulation) is a new EU Regulation which will replace the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organizations who collect or process personal data. It will come into force on 25th May 2018.
Conteneo is deeply committed to full GDPR compliance. We think it is a step in the right direction for all companies – not just European companies or companies like Conteneo who are based in the United States and provide services to European companies. Accordingly, we are applying GDPR compliance in a uniform manner.
And though we initially felt that GDPR was a potentially daunting set of changes, the reality is that Conteneo’s core values and how we’ve designed our platforms have made our journey to GDPR compliance fairly straightforward. It is quite important that our customers, our partners and all forum participants understand the choices we’ve made to create GDPR-compliant solutions, so we’ve created this page to help you understand these choices and how they affect you and your organization. It is not, however, legal advice, and you should consult an attorney if you’d like advice on your interpretation of this information or its accuracy.
Frameworks, Forums and Users are the primary data objects in Weave. Secondary data objects include Projects, Images and Profile Data. All data are stored securely in our hosted data centers and are subject to Data Privacy laws under GDPR based on the owner of the account. Access to any and all Weave Data by Conteneo is strictly regulated and audited and is performed for technical purposes (such as migrating databases when upgrading our software) and only with the approval of the Account Owner. Let’s start with a description of data elements.
|Frameworks||A framework is a tool that enables knowledge workers to perform their jobs – e.g., Prune the Product Tree is a framework to help teams build roadmaps. Frameworks are the starting conditions of a forum. Public frameworks are visible to all users. Private frameworks are owned by the account in which they are created and are visible only to the Producer, Facilitators and Participants of forums that use the framework.|
|Forums||A forum is a specific use of a framework by one or more people. Forums are initiated by a Producer who can use a forum in many ways: as an individual to solve a problem or as a collaborative event. The Producer may act as the facilitator of the event or may designate other facilitators. The Producer determines the eligibility of the participants and may allow them to self-facilitate their event. Forum results are stored privately in the account of the Producer who determines who may access the results when the forum is complete. Forum results are owned by the account holder.|
|Forum Data||Forum data includes the participants and the data added by Participants during a forum, such as their chats. Forums that have identified participants also capture the IP address of the participant. Producers define and manage the participants of their forums through a guest list. The guest list policy can include requiring the authentication of participants. Forums that are anonymous do not capture IP addresses. Producers are responsible for providing guidance to facilitators and participants on sharing data within a forum.|
|Facilitators and Participants||Facilitators manage forums that are used by Participants. Facilitators must have a Weave account and are authenticated on every session. Participants join a forum and typically collaborate with one or more additional participants (but you can have single-user forums). The Producer of the forum determines the data required from participants. The most common data required is a name (or handle) and email address. The name (or “handle”) a Participant uses to join a forum is shared with all forum Participants. The email address is shared with the Facilitators and the Producer so that they can better manage the forum. Participants are not required to have a Weave account but may be required to verify their email based on how a facilitator has configured their forum. Participants are NOT asked to provide any personal data in an anonymous forum. We do our best to ensure that all participants are providing informed consent to the forums they’re joining.|
|Personal Data||The Personal Data we capture and manage are the email addresses of Weave Account holders and other data about themselves (“profile data”) that they freely share, such as the languages they speak or their biography. These are further described below. Note that the only personal data required to enter a forum is an email address, which may or may not be verified depending on how the forum was configured.|
|We capture your first and last name and photo as part of your Weave profile. Our community works better when you share your real name AND a nice smiling photo, and since we’re not selling you or your data, go ahead and be your authentic self.|
Personal Forum Data
Personal Forum Data is defined as your unique event stream with a Forum. It does NOT include the event stream or the information that is derived from multiple personal event streams. This is a subtle point, so let’s see if an example can help explain the differences between these two concepts.
Let’s say that Conteneo invites several customers to join a Buy a Feature forum to help prioritize some new features for our Weave platform. Francine, Satish, Ming, Michal and Dave all join the forum. Each of these forum participants creates Personal Forum Data: their name, the bids in the forum and the chats within the forum. When two or more participants join forces to collaboratively purchase a desired feature, the fact that the item has been purchased is derived based on the Personal Forum Data from the participants. It is important to note that Personal Forum Data is owned by the Producer of the forum, which affects how Conteneo implements your GDPR Right To Be Forgotten.
It is also important to note that the Personal Forum Data can vary based on the specific collaboration engine you’re using: the Weave Idea Engine captures a different event stream (such as moving or deleting items) than the Weave Decision Engine (such as making a bid or funding an item).
Contact & Financial Data
|If you have an individual account (see below) we capture the information necessary for billing, typically your mailing address and payment card details. These data are handled by our payment processor (see below). Financial data also includes your history of payments, which include subscription renewals, collaboration event fees and other optional fees you approve.|
|When you access our platforms we capture your Internet Protocol Address, login data, browser type and version, time zone setting and other technical data that helps us monitor and improve our systems. For example, we may capture your browser version to help us improve the performance of our software. Much of this data is stored as weblogs, a simple file that contains a history of events recorded by our servers.|
|Some of our platforms, notably Weave, capture optional profile data, such as the languages you speak, your preferences and a brief summary of your experience, including in-person collaboration events that are used to help determine your Collaboration Architect Status.|
|In order to help you use our services, and in order to help us improve our services, we capture data about how you use them. For example, we track such things as which frameworks you’re using, how these frameworks are used, how frequently you collaborate and so forth. We also capture which features you’re using to help determine how to create the best mix of products and services. These data are captured through the “natural” use of Weave and allow us to do such things as suggest new frameworks or recommend better ways to accomplish your goals.|
Marketing and Communications Data
|Marketing and Communications Data includes your preferences in receiving marketing from us (such as our newsletter) and communication preferences. Your choices help us manage our relationship with you as we do our best to send you communications you believe are relevant and timely. You can manage your email communication preferences in Weave through the “Email Preferences” setting accessed from your User Profile.|
Weave data is owned by the Weave account holder. Access to this data is controlled by the account owner. Let’s explore the different account types in Weave.
|Participant||A Participant account allows participants to join forums and manage their personal data. Participant accounts are created automatically when a participant joins a forum using an email address not subject to an Enterprise license. Participant accounts are always free and provide access to personal data subject to GDPR, enabling Participants to invoke their rights of data portability and their right to be forgotten. Participants give consent to allow the data they provide to a forum to be viewed and owned by the Producer of the forum. Read the section below on the “Right To Be Forgotten” to understand how we balance the rights of the Forum Participant with the rights of the Forum Producer.|
|Professional||Designed for consultants and individuals who wish to use Weave to collaborate with others, a Professional account holder can manage frameworks, produce forums, facilitate forums produced by themselves or others and join forums as participants. Professional accounts have all of the rights outlined under GDPR.|
|Team (coming Q3 2018)||Designed for groups of people who operate in one or more teams, a Team Account enables unlimited collaboration within a team and event-based collaboration with people outside the team. A Team Account has one or more Team Admins who control membership of the team. Individual members of the team are sponsored: the Owner of the Team is the entity that is paying for the account. Typically, the Team Account Owner is the same as the Team Account Admin. Read the section below on the “Right To Be Forgotten” to understand how sponsored accounts implement the Right To Be Forgotten.|
|Enterprise||Designed for enterprises who have a complex mix of collaboration needs, enterprise licenses provide unlimited internal and external forums, allow for integration with SSO/SAML and provide extensive analytics and administrative controls. An Enterprise Account has one or more Enterprise Admins who manage membership and organizational structure. Individual members of the Enterprise are sponsored: the Enterprise is the entity that is paying for the account. Read the section below on the “Right To Be Forgotten” to understand how sponsored accounts implement the Right To Be Forgotten.|
In simple terms, the GDPR Right to Data Portability requires that Conteneo provide you with a means to download your data. How we do this varies slightly based on the account type, as certain accounts may have large amounts of data.
|Account Type||Data Portability Notes|
|Individuals||Every individual can download their Weave Data and Personal Data, including their Personal Forum Data, directly from their User Profile. Because a given data file may be quite large, we implement the data download as an “asynchronous job request”. That’s geek-speak for saying we will start the process of downloading and assembling your data and send you an email when it is ready. Note that the download will NOT contain the Personal Forum Data of other people who attended your forum – because hey, that’s their data, not yours!|
|Team and Enterprise Accounts||Team and Enterprise Account Admins can download the Weave Data and Personal Data from all of the accounts they have sponsored. Because of the potentially large volume of data associated with a Team or an Enterprise Account we implement the Right to Data Portability as a service. Please contact firstname.lastname@example.org if you’d like to invoke your Right to Data Portability as a Team or Enterprise Account.|
Right to Be Forgotten
In simple terms, the GDPR Right to Be Forgotten requires that Conteneo provide you with a means to delete your personal data from our platforms. This must be balanced against the ownership of data. For example, when you join a forum as a Participant, you are asked to give explicit consent to give ownership of your personal forum data, such as your bids in a Buy a Feature forum, to the participant. Working with experts in data science and across our community, we have designed a policy that strikes the right balance between your personal data and the contents of a forum.
|Account||Right To Be Forgotten Notes|
When you invoke your Right To Be Forgotten for an individual account, either as a Participant, a Professional, or a member of a Team or Enterprise Account, Weave will delete all of your personal data (such as your profile) and will pseudonymize your Personal Forum Data. That’s a pretty fancy word, so let’s see if an example can help explain it.
Let’s say that Satish creates a Weave Participant account by joining a forum using the email address email@example.com. This means that for this forum, and for subsequent forums that require an email address, the Producers of these forums will be able to associate Satish’s actions (his forum events) with his email address. Over the course of a few months, Satish participates in a few forums and adds his interests and a photo to his profile.
When Satish invokes his Right To Be Forgotten, the following happens:
|Team and Enterprise Accounts||A Team or Enterprise Admin can invoke their Right To Be Forgotten by contacting Conteneo at firstname.lastname@example.org. This operation will result in the deletion of all data for all sponsored users. Individual users can re-establish Participant accounts or Individual paid accounts.|
GDPR regulations allow businesses to retain certain data for a limited period of time to support necessary business functions. When you invoke your Right To Be Forgotten, Conteneo will retain your email address for 12 months to prevent the fraudulent use of free Trial accounts. Individuals are welcome to re-establish Participant accounts or create new accounts.
A Data Processor or a sub-processor is a company that processes personal data for another entity. In most cases, Conteneo is a data processor for our customers. In fulfilling our duties, Conteneo relies on a variety of other companies who are therefore sub-processors to Conteneo. These companies are listed alphabetically.
|Sub-Processor||How Conteneo Uses This Sub-Processor|
|BriteVerify||Conteneo’s Terms of Service require the use of a valid email address. Conteneo uses BriteVerify to help confirm the validity of a given email address.|
|Constant Contact||Conteneo uses Constant Contact to manage sending our newsletters and other marketing communications, such as training announcements.|
|EventBrite||Conteneo uses EventBrite to manage public classes and training offered by Conteneo.|
|Google Analytics||Conteneo uses Google Analytics to capture usage data – things like the pages our website visitors use – so that we can identify which data on our websites are most useful and how we can improve our websites.|
|Hubspot||Conteneo uses Hubspot to manage certain marketing communications, such as guiding new users through a sequence of emails that explain our platforms.|
|Rackspace||Conteneo uses Rackspace as our hosting service. Rackspace does not process any Conteneo data – it just serves as a hosting provider. We’re listing Rackspace for completeness.|
|SendGrid||Conteneo uses SendGrid to send administrative emails to account holders, such as notifying you of when you changed your password.|
|Splunk||In order to improve our performance and to help us detect any potentially malicious use of our platforms, Conteneo uses Splunk to analyze web logs and web traffic.|
|Stripe||Conteneo uses Stripe to process credit card payments.|