Introduction
-
Your privacy is of utmost importance to Ribose. We are committed to protecting any information you share with us.
-
This Privacy Policy sets out the basis on which any Personal information which we collect from you, or that you provide to us, will be processed by us.
-
This Privacy Policy applies to all Services, and has been drafted to demonstrate compliance with the privacy laws of jurisdictions in which Ribose operates. We will handle your Personal information in accordance with Data Protection Legislation.
-
It also describes the choices available to you regarding Ribose’s use of your Personal information, and the steps you can take to access Personal information; to request that we correct or delete it, or to complain about any aspect of our handling of your Personal information.
-
Registration of Your Account, its usage and the acceptance of the terms of this Privacy Policy indicates that you have reviewed this Privacy Policy and have agreed to be bound by it.
-
You are required to accept this Privacy Policy before registering Your Account (or before continuing to use the Service), and any users who use Your Account will also be required to expressly accept this Privacy Policy before first accessing (or before continuing to access) our Service through Your Account. If you do not agree to these terms you must leave our website immediately. If you choose to accept this Privacy Policy, we will keep a record of your acceptance in this regard.
Terms and definitions
-
“Ribose”, “we” and “us” in this document refer collectively to the Ribose Group of companies, including Ribose Inc. (US), Ribose Limited (UK) and Ribose Asia Limited (HK).
-
“Services” means all products and services offered by Ribose, where each of those is referred to a “Service”.
-
“Your Account” means a registered account at Services created by you.
-
“Personal information” means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, our possession, and includes personal data as described in Data Protection Legislation.
-
“Data Protection Legislation” means the Hong Kong Personal Data (Privacy) Ordinance and any other applicable law or regulation relating to the processing of personal data and to privacy such as California Consumer Privacy Act, the Data Protection Acts 1988 and 2003 and Directive 95/46/EC, as such legislation shall be amended, revised or replaced from time to time, including by operation of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) (and laws implementing or supplementing the GDPR).
-
“User Data” means data (which may include personal information) uploaded by you or others through Your Account, and may be any information, data or materials provided or utilized by you or others in connection with the Service, including, without limitation, user credentials, data shared to users or other parties in connection with Services, and/or any personal information provided by you during a support request, etc. Ribose is a Data Processor (as defined in Data Protection Legislation) in respect of the User Data.
-
“External Resources” means resources not operated by Ribose.
Information we collect from you
We fully respect your right to privacy in relation to your interactions with the Service and endeavor to be transparent in our dealings with you as to what information we will collect and how we will use your information.
Information you provide
-
Most of the personal information held by Ribose is supplied by you, the user. We only collect and use individual’s information where we are legally entitled to do so.
-
Account and profile information. You will have to provide personal information in order to become a user of the Services ("user"). We collect information about you when you register for an account, create or modify your profile, set preferences, sign-up for or make purchases through the Services. The registration process asks for a full name, password and an email address. You also have the option of adding a profile photo, and other details such as birthday, phone and so forth to your profile information to be displayed in our Services. We keep track of your entered preferences within the Services. While you are asked to provide Ribose with a real name and functional contact details, you can participate in all activities, such as spaces and conversations, using an alias ("screen name").
-
Content you provide using the Services. This content includes information you enter into the platform and its applications, such as conversations, calendar, contacts, space memberships and so forth. You can also choose to upload specific contacts to Ribose from your own contact sources, but Ribose will not make and store copies of entire users' address books. Any contacts you upload will be accessible only by you unless and until you invite them to a Space and they choose to become a user, or if you expressly include information about them in Space Content (such as in uploaded files or conversations).
-
Information you provide through our support channels. This includes information provided to and interactions with the customer support functions of Services, including any information given our support team. You may be asked to provide contact information and other necessary information for solving a particular support case you reported.
-
Payment Information: We collect certain payment and billing information when you register for certain paid Services.
Information we collect automatically from usage of Services
-
We collect information about you when you use our Services, including browsing our websites and taking certain actions within the Services.
-
Your usage of Services. We keep track of certain information about you when you interact with our Services, such as the features you use and their parameters. We also collect information about the Spaces and users you interact with.
-
Cookies. Our cookies page describes the cookies we use. You may set your browser to refuse cookies. However, some Services may not function properly if cookies are disabled.
-
Server logs. When you access our Services, our servers automatically record certain information, which may include your IP address, browser type, browser language, web request, interaction with services, date and time of request, the address of the web page visited before using the Service, and cookie information (see above).
-
Client information. When you login to our Services via a browser or mobile application (“Client Device”), our Services automatically record information that your Client Device sends to our Services. This information includes client configuration and plugins, language preferences, application identifiers, and crash data.
-
Communications. We retain communications between you and Ribose, whether or not you are a user of Services. If you sign up for Ribose newsletters, webinars, or other communications or you want to contact us generally, we will collect your contact information to fulfill your request. While providing you with customer support we may also gather additional information from you.
-
Location data. Certain Services may offer additional features, which require more detailed location-awareness than may be provided simply by your IP address. Detailed location information will only be collected if you choose to take up these Services, having been expressly notified.
Information we receive from other sources
-
Integration of Services to third-parties. Certain Services allow user configured integration to third-party services, such as for the importing of contacts. The information we receive from these integrations depend on the parameters of the third-party services.
-
Partners. We work with partners who provide complementary services to our own, such as resellers, integrators or infrastructure providers, who provide us information about your interest in, usage of Services as well as other information and contacts necessary for us to sustain your usage of Services.
-
External access to Services. Some Services are offered on or through other third-party websites. Personal information provided to those sites may be sent to Ribose for the provisioning of Services to you. Such information is protected under this Privacy Policy while it is held by Ribose.
-
Third-parties. Marketing and advertising companies may provide us information about your interest in Services.
How we use information collected
-
Ribose uses the personal information it holds to provide and improve the Services, and to protect rights and property of Ribose and Ribose users.
-
To provide Services and personalize your experience. We use your personal information to provide Services to you, such as for authentication, provide support, and process necessary transactions. Services may include personalization features, for example, the ability to upload a profile picture, and in Services that include collaboration features it is necessary to identify users via by personal names.
-
To communicate with you. We use your personal information to send messages to you about your usage of Services, such as activity notifications and for customer support, as well as any updates to the Services themselves. In most cases, these communications can be tailored through the settings area within Your Account.
-
Personal information held by Ribose is only used and disclosed in accordance with the choices made by users; e.g., to join a collaborative Space and participate in conversations. Privacy settings for each Space are set by its Owner/Administrators; users joining a Space are made aware of these settings, and by joining, accept them.
-
Server logs. We use this information to administer the Services, to understand how visitors navigate through the Services and to enhance your experience using the Services.
-
Communications. Ribose uses this information in order to respond to your inquiries and improve our Services.
-
Cookies. Ribose uses cookies to improve the quality of the Services, including to facilitate the login and registration processes, personalize your experience, analyze and track user trends, measure advertising and promotional effectiveness.
-
IP address. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience.
-
Location information. We may combine this information with information derived from your IP address (e.g., regional location) in order to improve your user experience (e.g., by using a particular language or presenting weather).
How your information is shared
-
Ribose will not share Your Data without your consent or unless required by law (except as set out in this Privacy Policy). Ribose only discloses personal information to third parties (i.e., non-users) in the following circumstances.
-
With users of Services to facilitate collaboration. You may utilize functionality of Services to share content with other users, who are then able to see certain personal information of yours (such as your name) to identify the originator of that content.
-
With organization account administrators for management. If your access to Services is granted by an organization account, your account information and usage will be accessible by the organization account owner, and those authorized by the owner.
-
Within Ribose Group. When the third party is part of the Ribose Group and the information is required in order to provide the Services. Access to your personal information is restricted to Ribose employees, contractors and agents who need to process it on behalf of Ribose, and are bound by confidentiality requirements.
-
With contracted parties to facilitate provisioning. Service providers contracted by Ribose help perform payment processing and other necessary services for our delivery of Services to you, for which access or use of your personal information is necessary. Contracted parties are required to process such information in compliance with this Privacy Policy.
-
With third-parties. We will only share information with an external party if you have provided express consent to share such information with a particular third party.
-
With your integrations of third-party services. Your Account may have been configured to integrate with certain third-party services, and as such may give those third-parties access to Your Account and information within. We urge users to review privacy policies of those third-party services as their treatment of personal information and procedures are not controlled by us, as this privacy policy does not cover how third-parties use your information.
-
With explicit consent. In certain cases, you may provide express consent to allow us to display certain personal information, such as placing your name within a published success story.
-
To ensure safety. If we believe in good faith that disclosure is necessary for the health or safety of yourself or any other person.
-
To comply with laws. If Ribose is required to disclose information by law, such as to comply with a subpoena (or a similar legal process) or an enforceable government request. Ribose will notify you when a legally binding request for disclosure of personal information is received, unless prohibited by law.
-
To protect our rights. If we believe in good faith that disclosure is necessary to protect our rights, enforce our Terms, detect, prevent, or otherwise address fraud, security or technical issues. Such information will be disclosed in accordance with applicable laws and regulations.
-
Business Transfers. If any Service becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, we will provide notice before Your Data becomes subject to a different privacy policy.
Children usage of Services
-
Ribose only offers its Services to organizations, and to individuals over the age of 13, and does not direct any of its Services to younger children. Individuals joining as a user are required to confirm that they are 13 or older.
-
If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact us.
How we store and protect information
How we protect information
-
Ribose takes security seriously for the protection of personal information. We take appropriate security measures to protect against unauthorized access to, or unauthorized alteration, disclosure, or destruction, of your personal information. Details on the security schemes we comply with and specific security measures to protect against unauthorized access and disclosure are provided on our website.
How long we retain information
-
Personal information. Ribose keeps personal information for as long as it required to provide the Services being used by Your Account, and for appropriate back-up and archival purposes. If a user is removed, personal information relating only to the user will be deleted immediately, except from back-ups that are retained for a reasonable period thereafter in case you decide to re-activate the Services.
-
Shared information. This information will remain under the control of the owner of the Space that contains it, or the organizational account that owns that Space. Ribose keeps this information for as long as it is required to provide the Services to those Spaces and/or the organization account.
-
Other obligations. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services. Where we retain information for the improvement and development of Services, we take steps to anonymize such information, and only use this information to uncover collective insights about the usage of our Services, not to specifically analyze personal characteristics about you.
-
Marketing information. If you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our Services, such as when you last opened an email from us or ceased using the Services. We retain information derived from cookies and other tracked data for a reasonable period of time from the date such information was created.
International transfers of personal information
-
Personal information held by Ribose is processed on servers located in the United States of America.
-
Transactions and communications using the Services will involve information being at least temporarily held in the jurisdictions where participating users are located.
-
Some Services allow users to expressly select the jurisdiction where the data processing and storage of the Service occurs, including the United States of America and Hong Kong, in which case the relevant personal information necessary will also be processed on servers located in those selected jurisdictions.
-
Because information processed for the Services is stored and transmitted in an encrypted state, no-one other than the intended participants or authorized personnel of Ribose, in any jurisdiction, will be able to see personal information "in clear".
Your rights
You can access, review and change your basic personal information through the Services, generally from the Services' settings area. You can request Ribose for copies of your personal data. We may charge you a small fee for this service. You can request that Ribose withdraw, restrict or object the processing of your personal data by erase your account. You can request that Ribose transfer the data that we collected to another organization, or directly to you.
For any issue related to personal information, you will have to contact Ribose with a manual request by Feedback in our Services or privacy@ribose.com. You will need to identify yourself and the information requested to be accessed, changed or removed. We may decline manual requests that require disproportionate effort or that may infringe the rights of others. If we accept a removal request, we will start the process to remove your personal information stored on Services, normally 1 month, as long as it is not required to be retained by law and not necessary for legitimate business purposes. Due to the structure of our Services, after your personal information is removed, it may take not more than 150 days before residual copies are removed from our Services, and from our backup systems.
External links and apps
This Privacy Policy only applies to our Services. Our Services may provide links to resources not operated by Ribose (“External Resources”). If you choose to submit personal information to any External Resource, your personal information is subject to their privacy policy. We encourage you to carefully read the privacy policy of any External Resources you visit.
Breach reporting
-
We will notify serious data breaches in respect of Your Data to the DPC without undue delay, and where feasible, not later than 72 hours after having become aware of same. If notification is not made after 72 hours, we will record a reasoned justification for the delay; however, it is not necessary to notify the DPC where the Personal information breach is unlikely to result in a risk to the rights and freedoms of natural persons. A Personal information breach in this context means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal information transmitted, stored or otherwise processed.
-
We will keep a record of any data breaches, including their effects and the remedial action taken, and will notify you of any data breach affecting your Personal information (which poses a high risk to you) when we are required to do so under Data Protection Legislation. We will not be required to notify you of a data breach where:
-
we have implemented appropriate technical and organizational measures that render the Personal information unintelligible to anyone not authorized to access it, such as encryption; or
-
we have taken subsequent measures which ensure that the high risk to data subjects is not likely to materialize; or
-
it would involve disproportionate effort, in which case we may make a public communication instead.
-
-
In the event of a serious data breach in respect of User Data, we will notify the relevant Data Controller of such breach as soon as reasonably practicable.
Changes to this Privacy Policy
-
We may change this privacy policy from time to time. The date of the most recent revisions will appear on this page. If material changes are made to the Privacy Policy, we will notify you by placing a more prominent notice on our website or by sending you a notification in relation to this.
-
If you disagree with any changes to this privacy policy, you will need to stop using the Services and deactivate your account(s).
Contact Us
If you have questions about this Privacy Policy or want to contact us regarding how we handle your personal information, please email privacy@ribose.com, or write to us at the address shown on our contact page.