Oxi Fesh – Listen360 Case Study
Last Modified: February 21, 2019
In addition, we may provide you with “just-in-time” disclosures or additional information about the data handling practices of specific parts of our Services. Such notices may supplement this Policy or provide you with additional choices about how we process your personal information.
To understand Listen360’s data protection obligations and your rights to your personal information under this Policy, it is important that you identify which relationship(s) you have with Listen360.
Hereinafter we may refer to Clients, Respondents, and Visitors individually and collectively as “you.”
For purposes of this policy, “Personal Information” refers to any information about an identified or identifiable individual, including financial account information, Protected Health Information (PHI/ePHI), and any device information that may be linked with an identifiable individual. Any information that is anonymized or aggregated is no longer Personal Information and we may use it and share it for any reason, including using anonymized PHI/ePHI as authorized by HIPAA.
We collect Personal Information from and about Visitors to our Sites, we collect Personal Information from and about Clients and Client Users through our Sites and Services, and we collect Personal Information from and about Respondents and other individuals who do business with and provide feedback about Clients that use our Services.
Parts of our Sites are public, such as our blog, and any information that is disclosed on such public parts of our Sites may appear on search engines or other publicly available platforms, and may be “crawled,” searched and used by other Visitors, Clients, Client Users, Respondents, or other third parties. Please do not post any information that you do not want to reveal publicly.
In all cases where we share Personal Information with third parties, we will use a “minimum necessary” standard to disclose only that information required for satisfying the purpose of or performing the service for which the information is disclosed.
We generally collect and use information as follows:
Information from Visitors to the Sites
Information we collect from Visitors and when we collect it:
How we use the information we collect from Visitors:
How we share the information we collect from Visitors:
Please read the “How We Share Information with Third Parties” section of this Policy for detailed information on how we share your Personal Information. We may share anonymized information with any third party for any reason.
Generally, we share a Visitor’s Personal Information as follows:
From Clients and Client Users Utilizing the Sites and Services
Information we collect from Clients and Client Users and when we collect it:
How we use the information we collect from Clients and Client Users:
Generally, we collect and use information from you to provide, protect, and improve our Services, and to provide you with a personalized experience when using our Services. Some specific examples of how we may use your Personal Information include:
How we share the information we collect Clients and Client Users:
Generally, we share Client and Client User Personal Information as follows:
From Respondents Using the Sites and Services
Any Personal Information we collect about a consumer or other individual, whether entered directly into our systems by the consumer as a Respondent, entered or imported by an authorized Client User, or imported by a Client -authorized third party integration, is used solely for the purpose of providing our Services and is not shared with third parties for any reason other than providing our Services, unless otherwise set forth herein.
We may share anonymized information with any third party for any reason, including sharing anonymized PHI/ePHI as authorized by HIPAA.
Information we collect from Respondents and when we collect it:
All collection of Personal Information from and about consumers is performed on behalf of the Client with which the consumer interacts or otherwise does business via our Services. Generally, we collect Respondent Personal Information as follows:
How we use the information we collect from Respondents:
Generally, we collect and use information from Respondents on behalf of our Clients to provide, protect, and improve our Services. Some specific examples of how we may use your Personal Information include:
How we share the information we collect from Respondents:
Generally, we share Respondent Personal Information as follows:
When you access the Site or Services, or open one of our HTML emails, we may automatically record certain information from your system by using cookies and other types of click-stream tracking technologies. This “automatically collected” information may include Internet Protocol address (“IP Address”), a unique user ID, device type, device identifiers, browser types and language, referring and exit pages, platform type, version of software installed, system type, the content and pages that you access on the Sites and Service, the number of clicks, the amount of time spent on pages, the dates and times that you visit the Sites and Service, and other similar information. Depending on the law of your country of residence, your IP address may legally be considered personally identifiable information.
We typically use these cookies and similar technologies for essential and functional purposes (e.g. to maintain an active session), to improve the performance and usability of our Sites, and to analyze how users interact with the Services (e.g. to understand how long users stay on a page, how often they return, and how they arrived at our Site). On certain portions of our Sites we may collect data through these technologies for advertising, remarketing, or other similar purposes. Click-stream and related data is typically used for purposes of system administration, to improve our Services, for marketing and advertising-related purposes, and other similar uses.
Certain portions of our Services may collect information via cookies, web beacons, pixel tags, and similar digital tracking technologies. These technologies can be used to operate, secure and provide our Services by collecting and analyzing information related to your use of the Services.
Listen360 utilizes only strictly necessary and functional cookies as part of its application Services, though other cookies including analytics and marketing related cookies are utilized on our public-facing websites and feedback forms. User sessions originating from an EU or UK IP address are provided the opportunity to opt-out of these analytics and marketing cookies.
Listen360 provides the ability to integrate the Services with select third party systems for importing and synchronization of customer information or publishing of feedback content (“Integrated Service(s)”). When a Client elects to establish a Listen360 connection with an Integrated Service, all data in your account may be shared with the Integrated Service (and all data in the Integrated Service account may be shared with Listen360) including personally identifiable information about your consumer and non-consumer customers and prospects. Listen360 does not control the policies or procedures of these Integrated Services, even though the integrations are provided through our Services, and Listen360 is not responsible for and has no control over how these third party Integrated Services function.
Listen360 may provide the Personal Information we have collected from and/or about Clients to Integrated Services for the purpose of enabling them to market their products or services to you, if you have not opted out of these disclosures.
When you provide feedback about a Client via the Services, we share all of the information you provide, including Personal Information, with that Client.
When you submit any feedback form or survey, you are providing explicit consent to publically publish in any forum or format any and all of the information provided via the form (including both checkbox/radio button selections and free text comments) in conjunction with your first and last initials.
In all cases where we share Personal Information with third parties, we will use a “minimum necessary” standard to disclose only that information required to perform the service for which the information is disclosed.
We will retain Personal Information for Clients and Client Users as long as you remain an active user of our Services and for a reasonable time thereafter, to serve the purpose(s) for which your Personal Information was processed, or as necessary to comply with our legal obligations, to resolve disputes, or to enforce our agreements to the extent permitted by law. While retention requirements can vary by country, we generally apply the retention periods noted below.
Upon termination of a contract with a Covered Entity, we will remove any ePHI stored in our systems on behalf of that Covered Entity where required by applicable law or the Business Associate Agreement with the Covered Entity; any PHI that we continue to maintain, will be stored and protected per the terms of our Business Associate Agreement with the Covered Entity.
Listen360 has implemented measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our thirty party vendor’s servers which utilize the most powerful security tools that exist in the marketplace.
The Listen360 Sites, including hosted web feedback survey forms, utilize secure SSL for all form data submissions in conjunction with a 256-bit GoDaddy certificate, but accommodate the majority of browsers at 128-bit encryption.
Listen360 does not directly store, process, or transmit bank account and credit card information. All payment processing, and collection of payment account data, is accomplished via integration with third-party service providers. These providers are contractually required to maintain compliance with the PCI DSS – Payment Card Industry Data Security Standards, and with all NACHA rules for ACH transaction processing. This includes secure transmission of credit card/bank account information, and encrypted storage of all payment account information.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted via our Sites or Services. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Sites or the Services.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Sites or the Service, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. Additionally, do not leave your device unlocked so that other individuals may access your device or account. Listen360 is not in control of your wireless connection or the devices you use to log into the Services, so you should make sure you trust the devices and connections you use to access the Services.
If you believe that you have experienced unauthorized access or use of your account, please contact us immediately at [email protected]
You may opt-out of receiving marketing communications from us by following the opt-out instructions we include in such communications. Any communications from us that are not Service-related or transactional in nature will offer you an “unsubscribe” option so that you can opt out of receiving such messages.
To the extent required by law, you may choose to opt out of sharing with any other parties with whom we may share your personal information; however, you may be unable to use the Services or certain features if you wish to limit such sharing.
For individuals residing in Designated Countries, please refer to the “Designated Countries Privacy Rights” section below.
Listen360 acknowledges the right of individuals to access their Personal Information. Note that Listen360 will require you to verify your identity prior to releasing any Personal Information.
Generally, you may access, correct, and/or delete your Personal Information as follows:
For individuals residing in Designated Countries, please refer to the “Designated Countries Privacy Rights” section below.
Note that use of the system delete function by a Client to remove any data related to Respondents or potential Respondents (such deleting a record or deleting feedback comments), or to remove any personal data about your company or its authorized Client Users, only restricts viewing that data from any system interface and prevents utilizing that data for any system function. It does not permanently delete the data from Listen360 systems. To have any personal data permanently deleted from Listen360 systems, you must make an official request in writing, to the address provided below or by emailing [email protected] that includes the specific information that you would like permanently deleted from Listen360 systems. Note that Listen360 will require you to verify your identity prior to executing any request to permanently delete data.
If you have any questions about your Personal Information or this policy, or if you would like to make a complaint about how Listen360 processes your personal data, please contact Listen360 by email at [email protected], or by using the contact details below.
If you are a California resident, you may request and obtain from us a list of what personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. California law provides that you have the right to receive the following information: (a) the categories of information we disclosed to third parties for the third parties’ direct marketing purposes during the preceding calendar year; and (b) the names and addresses of third parties that received such information, or if the nature of their business cannot be determined from the name, then examples of the products or services marketed.
You are entitled to receive a copy of this information in a standardized format and the information will not be specific to you individually. You may make such a request by emailing us at [email protected].
We do not intentionally gather information about individuals who are under the age of 18 or the age of majority in the country where they reside. If you are under the age of 18 or the age of majority you should not use our Services. If a Client, Client User, or Respondent submits personal information who is suspected of being younger than 18 years of age or the age of majority, we will require the Client, Client User, or Respondent to close his or her account and will not allow continued use of the Services. We will also take steps to delete the information as soon as possible, unless an exception applies. Please notify us if you know of any individuals under the age of 18 or age of majority using our Services so we can take action to prevent access to our Services.
This section only applies to users of our Service that are located in the European Economic Area, United Kingdom and/or Switzerland (collectively, the “Designated Countries”) at the time of data collection.
We may ask you to identify which country you are located in when you use some of the Services, or we may rely on your IP address to identify which country you are located in. When we rely on your IP address, we cannot apply the terms of this section to any individual that masks or otherwise hides their location information from us so as not to appear located in the Designated Countries. If any terms in this section conflict with other terms contained in this Policy, the terms in this section shall apply to users in the Designated Countries.
|Purposes of Processing||Legal Basis for Processing|
|– To Provide You with the Services
– To Enforce Our Terms, Agreements and Policies
– To Provide You with Service-related Communications
– For Security Purposes
– To Provide Customer Service
– Service Providers
– Business Transfers
|Processing is based on our contract obligations or to take steps at the request of the individual prior to entering into a contract.
|– Joint Marketing Partners and Social Media Platforms
– To Enhance Your Experience on the Services
– To Conduct Research and Development
– Business Transfers
|Processing is based on our legitimate interest to better understand you, to maintain and improve the accuracy of the information we store about you, and to better promote or optimize our Services.|
|– To Maintain Legal/Regulatory Compliance and to Prevent Fraud
– Compliance, Safety and Protection
|Processing is necessary for compliance with our legal obligations, the public interest, or in your vital interests.|
If you do not want us to use your personal information in this way, or to disclose your personal information to third parties for marketing purposes, please go to the email settings for your account to opt out, click an unsubscribe link in your emails, or contact us at [email protected] You can object to direct marketing at any time and free of charge.
If you would like to exercise your rights under applicable law, please contact us at [email protected]. We may seek to verify your identity when we receive an individual rights request from you to ensure the security of your personal information.
During the time which restriction of processing applies, we will only process your restricted personal information with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will inform you if or when the restriction is lifted.
Alpharetta, GA 30009
Attn: Information Security/Data Protection Officer
11605 Haynes Bridge Rd, Suite 150
Alpharetta, GA 30009
The term ‘Listen360’ or ‘us’ or ‘we’ refers to the owner of the website whose registered office is located in Alpharetta, Georgia, USA. The term ‘you’ refers to the user or viewer of our website.
1. The content of the pages of this website is for your general information and use only. It is subject to change without notice.
2. Neither we nor any third parties provide any warranty or guarantee as to the accuracy, timeliness, performance, completeness, or suitability of the information and materials found or offered on this website for any particular purpose. You acknowledge that such information and materials may contain inaccuracies or errors and we expressly exclude liability for any such inaccuracies or errors to the fullest extent permitted by law.
3. Your use of any information or materials on this website is entirely at your own risk, for which we shall not be liable. It shall be your own responsibility to ensure that any products, services, or information available through this website meet your specific requirements.
4. This website contains material which is owned by or licensed to us. This material includes, but is not limited to, the design, layout, look, appearance, and graphics. Reproduction is prohibited other than in accordance with the copyright notice, which forms part of these terms and conditions.
5. All trademarks reproduced in this website that are not the property of, or licensed to, the operator are acknowledged on the website.
6. Unauthorized use of this website may give rise to a claim for damages and/or be a criminal offense.
7. From time to time this website may also include links to other websites. These links are provided for your convenience to provide further information. They do not signify that we endorse the website(s). We have no responsibility for the content of the linked website(s).
Your use of this website and any dispute arising out of such use of the website is subject to the laws of the United States.