RALLYBRIGHT PRIVACY POLICY

Last Updated: October 18th, 2024

This RallyBright Privacy Policy (“Policy”) describes how RallyBright, Inc. and its related companies collect, use and share personal information of users of this website, RallyBright.com (“Website”), and of our mobile applications (together with the Website, the “Platform”). As the terms are used in this Agreement, “RallyBright,” “us” or “we” refers to RallyBright, Inc. and the term “you” refers to the end user of the Platform.

This is an important legal agreement between you and us. You agree to this Policy by using the Platform or providing your personal information (i.e., information that personally identifies you or other data that can be reasonably used to infer this information) to us. If you do not agree with any term in this Policy, please do not provide us your personal information or use the Platform.

OVERVIEW

At RallyBright, we value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, share, and protect your data when you engage with our platform, assessments, and services. We follow Privacy by Design principles and comply with global data privacy frameworks, including the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF.

WHAT WE COLLECT

RallyBright only collects the minimum amount of personally identifiable information (PII) necessary to provide our services effectively. This may include:

  • Information You Give Us. We collect your name, email address, username, demographic information (such as your gender and occupation) as well as other personal information you directly give to us through the Platform.
  • Information We Get from Others. We may get information about you from other sources. We may add this to information we get from the Platform.
  • Information From Your Team or Organization: Anonymized assessment responses and feedback shared through our platform.
  • Information Automatically Collected: Interactions with our platform, which helps us improve user experience and product functionality. For example, when using the Platform, we log your computer or mobile device operating system type, browser type, browser language, the website you visited before browsing to the Website, pages you viewed, how long you spent on a page, access times and information about your use of and actions on the Platform.

We do not collect sensitive personal data, such as financial or health information.

HOW WE USE INFORMATION

We use your personal information as follows:

  • We use your personal information to operate, maintain, and improve the Platform and our products and services offered through the Platform.
  • We use your personal information to respond to comments and questions and provide customer service.
  • We use your personal information to send information including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.
  • We use your personal information to communicate updates or important information related to our services.
  • We use your personal information to link or combine user information with other personal information.
  • We use your personal information to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.
  • We use your personal information to provide and deliver the products and services you request or purchase.
  • We will not use your personal information for any other purpose without first obtaining your consent.
  • We use your data to deliver insights and recommendations that help improve team performance and inclusion. Specific uses include:
    • Providing assessment results and performance insights.
    • Generating personalized team reports.
    • Enhancing our platform’s functionality through usage analytics.

All personal data is processed in accordance with our strict security protocols, and we do not use your information for marketing purposes unless you have explicitly opted in.

SHARING OF PERSONAL INFORMATION

We may share personal information as follows:

  • We may share your personal information with your consent. For example, you may let us share personal information with third parties for their own marketing uses. Those uses will be subject to those third parties’ privacy policies.
  • We may share personal information when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
  • We may share personal information for legal and safety purposes. For example, we may share your personal information:
    • To comply with laws.
    • To respond to lawful requests and legal processes.
    • To protect our rights and property, our agents, customers, and others. This includes enforcing our agreements, policies, and terms of use.
    • In an emergency. This includes protecting the safety of our employees and agents, our customers, or any person.
  • We may share information with those who need it to do work for us. Unless we tell you differently, they do not have any right to use your personal information beyond what is necessary to assist us.

NON-IDENTIFIABLE DATA

We may use and share non-identifiable data (i.e. non-personal, de-identified information that can’t be used to identify you) for any lawful business purpose without any obligation or accounting to you. When we do so, we will take reasonable measures to ensure that the non-identifiable data is not personally identifiable and cannot later be used to identify you.

COOKIES AND INTERNET ADVERTISING

  • We may log information using “cookies.” Cookies are small data files stored on your hard drive by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on the Website. This type of information is collected to make the Website more useful to you and to tailor the experience with us to meet your special interests and needs.
  • We may also use “web beacons” (i.e. “web bugs” or “single-pixel” or “clear” GIFs) on the Website. Web beacons allow ad networks to provide anonymized, aggregated auditing, research, and reporting for us and for advertisers. Web beacons also enable ad networks to serve targeted advertisements to you when you visit other websites. Because your web browser must request these advertisements and web beacons from the ad network’s servers, these companies can view, edit, or set their own cookies just as if you had requested a web page from their website.
  • You can typically remove and reject cookies from the Website with your browser settings. Many browsers are set to accept cookies until you change your settings. If you remove or reject our cookies, it could affect how the Website works for you. You may also request to opt-out of an advertiser’s use of cookies by visiting the National Advertising Initiative or the Digital Advertising Alliance. You may request to opt-out of Google’s use of cookies by visiting www.google.com/ads/preferences.

DATA RETENTION AND DELETION

We retain personal data only as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws and regulations. You may request deletion of your personal data at any time by contacting privacy@www.rallybright.com. Upon receiving such a request, we will securely delete or anonymize your data in accordance with our data retention policies.

HOW WE PROTECT INFORMATION

We take reasonable steps to maintain the security of your personal information; however, no data transmission over the Internet can be guaranteed to be completely secure. Accordingly, we cannot ensure or warrant the security of any information that you transmit to us, so you do so at your own risk.

The security of your data is our top priority. RallyBright uses a combination of technical and organizational measures to safeguard your information, including encryption (e.g., AES-256), access controls (e.g., SSO, MFA), security monitoring and logging, and incident response policies and protocols.

YOUR RIGHTS AND CHOICES

You have the right to access, update, or delete your personal data, as well as to restrict or object to certain data processing activities. If you would like to exercise any of these rights, please reach out to our Data Protection Officer at privacy@www.rallybright.com.

Under applicable privacy laws, including GDPR, you have the following rights regarding your personal data:

  • Right to Access: You can request access to your personal data.
  • Right to Correction: You can request correction of inaccurate or incomplete data.
  • Right to Erasure: You can request deletion of your personal data under certain circumstances.
  • Right to Data Portability: You can request a copy of your data in a structured, machine-readable format.
  • Right to Object and Restrict Processing: You can object to or request the restriction of data processing.

To exercise these rights, please contact our Data Protection Officer at privacy@www.rallybright.com.

INFORMATION CHOICES AND CHANGES

Our marketing emails tell you how to “opt-out” from our marketing communications. If you opt out, we may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you. We may continue to send you administrative emails including, for example, periodic updates to our Policy, even if you indicate that you no longer wish to receive promotional email from us.

You may send requests about personal information to our Contact Information below. You can request to change contact choices, opt-out of our sharing with others, and update your personal information. We may not be able to completely remove your personal information from our systems in certain circumstances. For example, we may retain your personal information for legitimate business purposes, if it may be necessary to prevent fraud or future abuse, if required by law, or as retained in our data backup systems or cached or archived pages. All of your personal information that we keep will continue to be subject to the terms of this Policy to which you have previously agreed.

CALIFORNIA PRIVACY RIGHTS

California Civil Code Section 1798.83 permits users that are California residents to request certain information regarding our disclosures of personal information to third parties for such third parties’ direct marketing purposes. If you are a California resident and would like to make such a request, please contact us at support@www.rallybright.com.

LEGAL BASIS FOR DATA PROCESSING

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions where the General Data Protection Regulation (GDPR) applies, RallyBright processes your personal data under the following legal bases:

  1. Consent:
    • We may process your personal data based on your explicit consent for specific purposes, such as sending marketing communications or using cookies and similar technologies for analytics. You have the right to withdraw your consent at any time by contacting us at privacy@www.rallybright.com or adjusting your preferences in your account settings.
  2. Performance of a Contract:
    • We process your personal data as necessary to provide our services and fulfill our contractual obligations. For example, we use your information to deliver personalized assessments, generate team reports, and provide customer support based on our agreement with you or your organization.
  3. Legitimate Interests:
    • We may process your personal data for our legitimate business interests, provided that such processing does not outweigh your rights and freedoms. These interests include improving the functionality of our Platform, conducting data analytics, and protecting the security and integrity of our services.
  4. Compliance with Legal Obligations:
    • We may process your personal data when necessary to comply with a legal obligation, such as responding to lawful requests from authorities or ensuring compliance with applicable laws and regulations.
  5. Protection of Vital Interests:
    • In rare circumstances, we may process your personal data to protect your vital interests or the vital interests of others, such as in the case of an emergency.

If you have any questions about the legal basis on which we process your personal data, or if you would like to know more about your rights under GDPR, please contact our Data Protection Officer at privacy@www.rallybright.com.

CHILDREN’S PRIVACY

The Platform is not intended for use by children under the age of 16. RallyBright does not knowingly collect personal information from children. If we become aware that personal information has been collected from a child under 16 without verified parental consent, we will take immediate steps to delete such information. If you believe that we might have any information from or about a child under 16, please contact us at privacy@www.rallybright.com.

LINKS TO OTHER WEBSITES

The Platform may contain links to third-party websites and may allow you to share information, including your personal information, and allow it to be transmitted to third-party websites (such as social networks). We are not responsible for the privacy practices of any third-party websites, so we encourage you to read the privacy statement of each and every website that you send information to. This Policy applies solely to information we collect from you.

INTERNATIONAL DATA TRANSFERS

RallyBright is a U.S.-based company. If you access our services from outside the United States, your data may be transferred to and processed in the U.S. We ensure that such transfers are conducted in compliance with applicable privacy laws and are protected by appropriate safeguards.

COMPLIANCE WITH THE EU-U.S. DATA PRIVACY FRAMEWORK (DPF) AND UK EXTENSION

RallyBright, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the DPF, as established by the U.S. Department of Commerce. We have certified that we adhere to the EU-U.S. DPF Principles regarding the processing of personal data received from the European Union and the United Kingdom.


If there is any conflict between the terms of this policy and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework Program and view our certification, please visit the official DPF Program website.


COOPERATION WITH EU DATA PROTECTION AUTHORITIES (DPAS) AND THE UK ICO

In compliance with the EU-U.S. DPF and UK Extension, RallyBright, Inc. commits to cooperate and comply with the advice of the EU Data Protection Authorities (DPAs) and the UK Information Commissioner’s Office (ICO) for unresolved complaints regarding the handling of HR-related data under the DPF in the context of the employment relationship.

Affected individuals may access this recourse free of charge.

THIRD-PARTY DATA SHARING AND PURPOSES

We disclose personal information only to trusted third parties as necessary to provide and improve our services, comply with legal requirements, and support core business functions. This includes:


  • Service Providers:
    We engage with service providers and vendors for the following purposes:
    • Cloud Hosting and Data Storage: Securely storing and processing personal data.
    • Analytics and Performance Optimization: Monitoring user interactions to enhance our platform’s functionality.
    • HR, Payroll, and Benefits Administration: Facilitating employment-related services for customers and employees.
    • Payment Processors: Handling transactions securely for service purchases.
  • Business Transactions:
    If we engage in a merger, acquisition, or sale of all or part of our business, personal data may be transferred to the relevant third party. Users will be notified as required by law.
  • Onward Transfers:
    When transferring personal data to third-party processors for further processing, RallyBright, Inc. ensures that these processors comply with the EU-U.S. DPF Principles. We remain liable for onward transfers unless we can demonstrate that we are not responsible for the event leading to any damage.

FTC INVESTIGATORY AND ENFORCEMENT POWERS

RallyBright, Inc. is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). This ensures that we adhere to applicable privacy frameworks, including the EU-U.S. Data Privacy Framework (DPF) and the UK Extension.

BINDING ARBITRATION OPTION FOR DISPUTE RESOLUTION

Under certain conditions, individuals may invoke binding arbitration to resolve complaints that remain unresolved through other channels.

To initiate arbitration, individuals must provide written notice to RallyBright, Inc. and follow the procedures and conditions outlined in Annex I of the DPF Principles. Once arbitration is invoked, RallyBright is committed to following the terms and conditions specified in Annex I.

LAWFUL REQUESTS BY PUBLIC AUTHORITIES

We may disclose personal information as required by law, including:

  • Compliance with lawful requests from public authorities, such as subpoenas or court orders.
  • National security and law enforcement requests in accordance with applicable legal requirements.

LIABILITY FOR ONWARD TRANSFERS

In cases where we transfer personal data to third-party processors, RallyBright, Inc. remains liable for ensuring that these parties process the data in compliance with the EU-U.S. DPF Principles. If a third party fails to meet these standards, we will be responsible unless we can demonstrate that we were not involved in the event causing the issue.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on our website, and where appropriate, we will notify you via email. We encourage you to review this policy periodically to stay informed about how we protect your information.

CONTACT INFORMATION

If you have any questions or concerns about this Privacy Policy or our data handling practices, please contact us at:

RallyBright, Inc.
Email: privacy@www.rallybright.com
Website: www.rallybright.com

RallyBright, Inc. is located at 7801 Lonesome Pine Ln, Bethesda, MD 20817.