Last Updated: September 15, 2020
· visit any of our websites (such as https://lattice.com/);visit our social media pages; receive communications from us; or register for, attend and/or otherwise take part in any of our events, tutorials, webinars or contests (collectively “Visitors”); and
- register to or otherwise use any of the Lattice Services as an applicant, team member or employee of one of our Customers (collectively “Users”), when we act as a controller of your Personal Information.
"You"may, depending on the context, be a Visitor or a User of one or more of theLattice Services.
2. About Us
We are Lattice, a company headquartered in San Francisco, California. We make people management software to help improve employee performance, engagement, and overall workplace satisfaction.In support of our mission to make work meaningful, we provide a hosted platform and related tools, including the Lattice web and mobile applications (the"Lattice Services"), that help people teams across the globe to more effectively manage and engage with their employees to improve their performance and turn their companies into the best places to work. You can find out more about us and the Lattice Services here.
3. Lattice As A Service Provider
4. Privacy Principles
Lattice follows these principles in order to protect your privacy:
- We do not collect any more Personal Information than is necessary to provide theServices or to fulfill our legitimate business purposes;
- We only use your Personal Information for the purposes we specify in this PrivacyPolicy, unless you are notified otherwise;
- We do not keep your Personal Information after it is no longer needed; and
5. What Information do we Collect?
The information we collect depends on the ways you interact with Lattice and the choices you make (including your privacy settings), the products and features you use, your location and applicable law.
A. Information We Collect
(i) Information You Provide to Us
When a Visitor to our website contacts us and/or registers for information, content or an event sponsored by Lattice, we will collect certain personal information so that we may fulfill the Visitor’s request or keep in touch with them in connection with our sales and marketing activities (always in accordance with a Visitor's marketing preferences). The Personal Information we collect and we may have collected in the past twelve (12) months include:
· Identifiers, such as your name and business e-mail address;
· Professional or employment-related information, such as company name, job level, functional role and title;
· Inferences, such as your contact preferences; and
· Any other information you provide to us when completing any "free text" boxes in our forms or when you interact with us in the context of troubleshooting and support.
If you register to attend a Lattice-sponsored event, we may also require certain additional Personal Information including:
·Emergency contact (in some instances); and
·Dietary preferences (in some instances).
If you are a User, you (or your team administrator) may provide certain Personal Information to us through the Lattice Services - for example, when you register for a Lattice account to access and use the Lattice Services, when you consult with customer support or send us an email or communicate with us in any way (for example, to make a support request).
The Personal Information we collect may include:
·Business contact information (such as your name, job title, organization, phone number, email address and country);
·Marketing information (such as your contact preferences);
·Account log-in credentials (such as your email or username and password when you sign up for an account with us and the unique User/ team ID assigned to you in our systems);
·Troubleshooting and support data (which is data you provide or we otherwise access in connection with support queries we receive from you. This may include, for example, contact or authentication data, the content of your chats and other communications with Lattice, and the product or service you are using related to your help inquiry); and
·Billing information (including your credit card numbers and associated identifiers, billing address and background information, but only where you pay for the Lattice Services).
If you ever communicate directly with us, we will maintain a record of those communications and responses.
(ii) Information We Collect Automatically
This information we collect includes:
· Identifiers, such as your internet protocol (IP) addresses and browser type; and
· Internet or other electronic network activity, such as your internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data.
We use this information to analyze trends, to improve and personalize our marketing activities and websites, to administer our websites and guarantee their security and continued proper functioning, to track Visitors’ movements around the website and to gather non-identifiable, demographic information about our user base as a whole. We may link this automatically-collected data to Personal Information provided by Visitors, or to other publicly available information hosted on the internet, so that we can better gauge our Visitors’ needs and provide specific information to best serve them.
When you use or interact with the Lattice Services, we automatically collect or receive certain information through our Services (for example in log files) and through other technologies (such as cookies) about your device and usage of the Lattice Services. In some (but not all) countries, including countries in the European Economic Area ("EEA"), UK and Switzerland, this information is considered 'personal data' under data protection laws. Please see the section on Cookies below for more information.
The information we collect includes:
· Log and usage data, which is service-related, diagnostic, usage and performance information our servers automatically collect when you access or use the Lattice Services and which we record in log files. This log data may include the Internet Protocol (IP) address, device information, browser type and settings and information about your activity in the Services (such as the date/ time stamps associated with your usage, pages and files viewed, searches and other actions you take (for example, which features you use)), device event information (such as system activity, error reports and hardware settings).
· Device data, such as information about your computer, phone, tablet or other device you use to access the Lattice Services. This device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system and system configuration information. If you are using our mobile app, we may also collect information about the phone network associated with your mobile device, your mobile device’s operating system or platform, the type of mobile device you use, your mobile device’s unique device ID and information about the features of our mobile app you accessed.
· Location data, such as information about your device's location, which can be either precise or imprecise. How much of this information we collect depends on the type and settings of the device you use to access the Lattice Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. Note however, if you choose to opt out, you may not be able to use certain aspects of the Lattice Services.
This information is used to:
· maintain the security of the Lattice Services;
· provide necessary functionality;
· improve performance of the Lattice Services;
· assess and improve your experience of the Lattice Services;
· review compliance with applicable usage terms;
· identify future opportunities for development of the Lattice Services;
· assess capacity requirements;
· identify customer opportunities and for the security of Lattice generally (in addition to the security of the Lattice Services); and
· analyze overall trends, to help us provide and improve the Lattice Services, and to improve their security and proper functioning.
(iii) Information We Collect from Third Parties
In order to enhance our ability to provide relevant marketing, offers and services to you and update our records, we may obtain information about you from other sources, such as public databases, joint marketing partners, affiliate programs, data providers, social media platforms, as well as from other third parties. This information may include your: mailing address, job title, functional role, business email, phone numbers, intent data (or user behavior data), IP addresses, social media profiles, social media URLs and custom profile. We process this data for the purposes of: updating our records; targeted advertising; event promotion; optimizing our sites and the Lattice Services; for our sales and marketing activities, including to send marketing emails.
6. Cookies and Similar Tracking Technologies
Lattice uses a technology called "cookies" to store session information. A cookie is a small amount of data, which often includes an anonymous unique identifier, which is sent to your browser from a website's computers and stored on your computer's hard drive.
We use both session ID cookies and persistent cookies. A "session ID cookie"expires when you close your browser. We use session ID cookies to track your login status. This cookie is only ever transmitted over HTTPS. A"persistent cookie" remains on your hard drive for an extended period of time. We use persistent cookies to determine from where you were referred to our website, as well as the last user ID that you used to log in. Lattice may set and access Lattice cookies on your computer; cookies are required to use the Lattice Services. You can remove persistent cookies by following directions provided in your Internet browser's "help"directory. Click here for more information on cookies, including how to disable them. If you disable cookies, you may still use our website, but your ability to use some areas of our website, such as contests or surveys, will be limited.
Specifically, we use the following third-party services: Microsoft’s Bing Ads, Google Ads andAnalytics, Quora Ads, LinkedIn Ads, Twitter Ads, Facebook Ads, Instagram Ads, and Hotjar Analytics. To learn more about third-party advertising, and to optout of certain ad-targeting activities, please visit: preferences-mgr.truste.com, aboutads.info/choices,and youronlinechoices.com. To learn more aboutMicrosoft’s privacy practices, see: privacy.microsoft.com/en-us/privacystatement; to opt-out of interest based advertising with Microsoft, see https://about.ads.microsoft.com/en-us/resources/policies/personalized-ads. Tolearn more about Google’s advertising policies, see: policies.google.com/technologies/ads; yourad settings with Google, see: adssettings.google.com; andGoogle’s ad personalization, see: policies.google.com/technologies/partner-sites. Tolearn more about Quora’s privacy practices, see quora.com/about/privacy; toopt-out of interest based advertising with Quora, see: http://www.aboutads.info/choices and https://www.youronlinechoices.com/. Tolearn more about LinkedIn’s privacy practices, see linkedin.com/legal/privacy-policy; toopt-out of interest based advertising from LinkedIn, see www.aboutads.info/choices and www.youronlinechoices.eu and www.youradchoices.ca/choices. To learn more aboutTwitter’s privacy practices, see twitter.com/en/privacy; toopt-out of interest based advertising from Twitter, see https://optout.aboutads.info. Tolearn more about Facebook’s privacy practices, see facebook.com/policy.php; toopt-out of interest based advertising with Facebook, see http://www.aboutads.info/choices and http://www.youronlinechoices.eu/. Tolearn more about Hotjar’s analytics services and privacy practices, see the‘about Hotjar’ section of Hotjar’s support site; to opt-out data collection byHotjar, see https://www.hotjar.com/legal/compliance/opt-out/.Thissite is being monitored by one or more third-party monitoring software(s), andmay capture information about your visit that will help us improve the qualityof our service. You may control the data being collected from your visit byvisiting https://smart-pixl.com througha universal consumer options page located at https://smart-pixl.com/Unsub/unsub.html.
“DO NOT TRACK” SETTING Currently, various browsers offer a “do not track” or “DNT” option which sends a signal to websites’ visited by a user about the user's browser DNT preference setting. Lattice does not currently respond to browsers' DNT signals with respect to the website, in part, because no common industry standard for DNT has been adopted by industry groups, technology companies or regulators, including no consistent standard of interpreting user intent. Lattice takes privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.
7. How do we use your Personal Information?
Lattice processes personal information for the following business and commercial purposes, and if you are a resident in the EEA or UK, on the legal basis identified below:
· Providing our websites and Lattice Services: In reliance on our legitimate interest, we process your personal information to operate and administer our websites, and to provide, operate, and maintain the Lattice Services;
· Communicating with you about the Lattice Services: We may send you service, technical and other administrative or technical email, messages and other types of notifications(such as distribution and product updates and product patches and fixes) in reliance on our legitimate interests in administering the Lattice Services and providing certain features. These communications are considered part of the LatticeServices and in most cases you cannot opt-out of them. If an opt-out is available, you will find that option within the communication itself;
· Providing necessary functionality: We process your personal information in reliance on our legitimate interest to provide you with the necessary functionality required during your use of our websites and Lattice Services.
· Transactional considerations: We process your personal information to complete transactions, and send you related information, including purchase confirmations and invoices, to perform our contract with you and to the extent necessary in reliance on our legitimate interest;
· Handling contact and support requests: If you fill out a “Contact Us” web form or request support as a User, or if you contact us by other means including via a phone call, we process your PersonalInformation to perform our contract with you and/or (if we have not entered into a contract with you) to the extent it is necessary for our legitimate interest in fulfilling your requests and communicating with you;
· Administering Events: We process your personal information to plan and host events or webinars for which you have registered or that you attend, including sending related communications to you, billing, registration and to connect you with other event attendees, to perform of our contract with you, or to the extent necessary for our legitimate interests in fulfilling your requests to attend any such events;
· Developing and improving our websites and services: We process your Personal Information to analyze trends and to track your usage of and interactions with our websites. marketing activities and Lattice Services to the extent it is necessary for our legitimate interest in developing, improving and troubleshooting our websites, marketing activities and the Lattice Services and providing you with more relevant content and service offerings, or where necessary, in reliance on your consent;
· Sending marketing communications: We will process your Personal Information for marketing purposes in accordance with your preferences, such as to communicate with you via email, SMS or telephone about services, features, surveys, newsletters, promotions or events we think may be of interest to you and/or to provide other news or information about Lattice and/or our select partners, in each case in reliance on our legitimate interest in conducting direct marketing or where necessary with your consent. Please see the "Your Privacy Rights" section below, to learn how you can control the processing of your Personal Information by Lattice for marketing purposes;
· Displaying personalized advertisements and content: We process your Personal Information to conduct marketing research, advertise to you, provide personalized information about us on and off our websites and to provide other personalized content based upon your activities and interests to the extent it is necessary for our legitimate interest in supporting our marketing activities or advertising the Lattice Services or, where necessary, to the extent you have provided your prior consent (please see the "Your Privacy Rights" section, below, to learn how you can control how the processing of your Personal Information for personalized advertising purposes);
·Promoting the security of our websites and services: To the extent necessary for our legitimate interests in promoting the safety and security of our websites and services, we use your PersonalInformation to investigate and prevent fraudulent transactions, unauthorized access to the websites, Lattice Services, and other illegal activities;
· For our business purposes, such as data analysis, audits, fraud monitoring and prevention, developing new products and features, enhancing, improving or modifying our products and services, identifying usage trends and expanding our business activities in reliance on our legitimate interests; and
· Complying with legal obligations: We process your Personal Information when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Information to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our websites, theLattice Services, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes or to respond to lawful requests.
· Reviewing compliance with applicable usage terms: We process your Personal Information to review compliance with our contract with you or your organization (where applicable) to the extent that it is in our legitimate interest to ensure adherence to the relevant terms; and
· Other purposes: We will process your Personal Information for other purposes about which we notify you in advance, or for which we receive your consent.
8. What Information We Share or Disclose to Others?
Event Co-Sponsors: If you sign up for an event or content that is co-hosted by Lattice and one of its partners or co-sponsors, your Personal Information may be shared with that partner or co-sponsor. Please see our partner or co-sponsors’ privacy policies for further information about how they use Personal Information.
Legal or regulatory bodies and agencies: Lattice will share your information, including Personal Information, in order to respond to investigations, court orders, legal processes, or to investigate prevent or take action regarding illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person, violations of Lattice’s Terms of Service, or as otherwise required by law. If Lattice is required by law or an order of a court of competent jurisdiction to disclose your information, Lattice will promptly notify you of this requirement, if permitted by the court or applicable law, so that you may seek a protective order or other appropriate relief.
Service providers: In order to provide our websites, the Lattice Services to you and undertake our marketing and business activities, it may be necessary for us to disclose your information to contracted third parties and service provider partners who perform certain functions on our behalf. Examples include payment providers (to authorize, record, settle and clear payment card transactions); cloud hosting providers (to provide data storage and processing services); communications providers (to process new queries and to manage our emails); and analytics companies to perform analysis. These third-party service providers or vendors may use data we provide to them only as instructed by Lattice.
Business transfers: If Lattice is involved in a merger, acquisition, or sale of all or apportion of its assets, Personal Information may be transferred to the acquiring person or entity, in which case you will be notified via email and/or a prominent notice on our website of any such change in ownership or uses of Personal Information, as well as any choices you may have regarding Personal Information.
Advertising partners: We may partner with third party advertising networks, exchanges and social media platforms to display advertising on our websites or to manage and service advertising on other sites and we may share Personal Information with them for this purpose. Please see the section above "Cookies and Other Similar Technology" for further information.
9. Links To Third Party Websites
10. How We Protect Your Information
All of your Personal Information remains private and confidential. The security ofyour Personal Information is important to us. When you enter sensitive information (such as a credit card number) on our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL).
Lattice maintains a comprehensive written information security program that complies with applicable law and generally accepted industry standards. Our program includes appropriate administrative, technical and physical safeguards, procedures and practices to protect Personal Information submitted to us, both during transmission and once we receive it. No method of transmission over theInternet, or method of electronic storage, however, is 100% secure. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our website, the Lattice® web application owned and operated by Lattice, or the Lattice Services, please contact us using the contact information below.
Lattice and its representatives will never request your account credentials. You should never share your Lattice account information, including your username and password, with anyone else. We recommend that you use a unique password for your Lattice account that is not associated with other websites. You should check your Lattice account regularly to ensure that your Personal Information has not been tampered with or altered. Any suspicious activity regarding your account, including automated messages or calls from parties you cannot identify, should be reported to your site administrator and Lattice using the contact information below.
11. Social Media Features
Our websites may use social media features, such as the Facebook “like” button, the “Tweet”button and other sharing widgets (“Social Media Features”). You may be given the option by such Social Media Features to post information about your activities on a website to a profile page of yours that is provided by a third-party social media network in order to share with others within your network. SocialMedia Features are either hosted by the respective social media network or hosted directly on our website. To the extent the Social Media Features are hosted by the respective social media networks and you click through to these from our website, the latter may receive information showing that you have visited our website. If you are logged in to your social media account, it is possible that the respective social media network can link your visit to our websites with your social media profile. Your interactions with Social MediaFeatures are governed by the privacy policies of the companies providing the relevant Social Media Features
12. Your Privacy Rights
When acting as a controller, and depending on your location, your jurisdiction, and subject to applicable law, you may have the rights below with regard to the PersonalInformation we control about you. We will respond to your requests within the appropriate timeline under applicable law.
· The right of access means that you have the right to request that we disclose what Personal Information we have collected, used and disclosed about you. You can do so at any time by contacting us using the contact details provided under the "How to Contact Us" heading below.
· The right of deletion means that you have the right to request that we delete Personal Information collected or maintained by us, subject to certain exceptions. As mentioned above, you can doso at any time by contacting us using the contact details provided under the"How to Contact Us " heading below.
·The right to non-discrimination means that you will not receive any discriminatory treatment when you exercise one of your privacy rights.
· You can also ask us to correct or update your Personal Information; object to the processing of your personal information; ask us to restrict processing of your Personal Information or request the portability of your PersonalInformation. Again, you can exercise these rights by contacting us using the contact details provided under the "How to Contact Us " heading below
.· While you cannot opt out of service-related emails if you are an account holder, as this is an essential part of the Lattice Services, you have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you, or you can contact us using the contact information below.
· Similarly, if we have collected and process your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent
.· You have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority.
· Lattice does not engage in any automated decision making with User PersonalInformation.
13. California Consumer Privacy Act (CCPA) Sale of Personal Information Notice
As mentioned above, Lattice may provide third parties with certain personal information to provide or improve our products and services, for example to deliver products or services at your request. In such cases, we require those third parties to handle the information in accordance with applicable laws and regulations. Lattice does not sell personal information to third parties (pursuant to CaliforniaCivil Code §§ 1798.100–1798.199, also known as the California Consumer PrivacyAct of 2018), nor does Lattice share personal information with third parties for their direct marketing purposes (pursuant to California Civil Code Sec.1798.83).
14. How to Contact Us
You can exercise your rights yourself or depending on your country or state, you may be able to designate an authorized agent to exercise these rights on your behalf. Please note that to protect your personal information, we will verify your identity by a method appropriate to the type of request you are making.For example, this could include sending an e-mail to an account on record, or asking you to identify a recent transaction or communication. We may also request that your authorized agent sign a declaration under the penalty of perjury attesting to their designation as your authorized agent, and that they have written permission from you to make requests on your behalf. We may also need to verify your authorized agent's identity to protect your personal information.
Please use the contact details below, if you would like to:
· Access this policy in an alternative format;
· Exercise your rights;
· Contact Lattice’s Data Protection Officer;
· Learn more about your rights or our privacy practices;
· Designate an authorized agent to make a request on your behalf; or
Request Portal: https://lattice.com/privacy-request
Alternatively, you can write to us at:Degree,Inc. DBA Lattice
600 Battery Street, Floor 2
San Francisco, California 94111
15. Data Retention
We will retain your Personal Information for as long as is necessary to fulfill the services that you have requested, comply with any laws or regulations, resolve disputes, and enforce our agreements. Lattice may retain your data longer for a legitimate business interest where business benefit is not outweighed by your personal rights and freedoms. Data entered into the Lattice Services and processed on behalf of our Customers as a service provider or processor is retained in accordance with any applicable agreement between Lattice and its Customer.
16. Information About Minors
Our website and services are not targeted at children under sixteen (16) years of age. As such, Lattice does not process or disclose Personal Information of minors under sixteen years of age. If you believe we have collected personal information about a child under sixteen, please contact us using the How to Contact Us Section above.
18. European Representative
For the convenient administration of regulatory compliance concerns related to citizens of the European Union, Lattice has appointed an EU Representative. For questions related to GDRP compliance, or to contact Lattice’s EU Representative, please contact firstname.lastname@example.org or at:
RIVACY GmbH / Hammerbrookstr. 90/ 20097Hamburg
Geschäftsführer: Tim Haufe // Tel.: +49 175 820 36 42
19. International Data Transfers
Your personal information may be transferred to, and processed in the United States and in any other country where Lattice or its affiliates, subsidiaries or third party service providers maintain facilities or personnel. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective). We follow applicable data protection laws when transferring personal data.If you are resident in or a visitor from the EEA, United Kingdom or Switzerland, we will protect your Personal Information when it is transferred outside of such locations by processing it in a territory which the European Commission has determined provides an adequate level of protection for Personal Information; or otherwise implementing appropriate safeguards to protect your Personal Information, including through the use of Standard Contractual Clauses or another lawful transfer mechanism approved by the European Commission.
Have more questions? We’re here to help, so please contact us.