Shippable Hosted Privacy Policy

Shippable Inc., a Delaware corporation ("Shippable", “we” or “us”), is providing this Privacy Policy to inform users of our website at https://www.shippable.com (including all subdomains, the “Website”) and our Software-as-a-Service platform (the “Service”), of policies regarding the collection, use and disclosure of personal data and other information.

The Shippable platform has been designed with the goal of collecting as little personal data as possible to function. By “personal data”, we mean all particulars related to an identified or identifiable natural person (the “data subject”). The following statements describe which types of data we collect when you use our services, what happens with this data, and how you can object to this data collection and processing, where applicable.

Any information we collect is used to improve the quality and content of our Website and Service, and is not shared with or sold to other organizations for commercial purposes, except to provide products or services you've requested, when we have your permission, or if required by law.

By using or accessing the Website or the Service and providing us with your Personal Data, you are accepting the terms described in this Privacy Policy now, and as amended by us. If you have any questions or comments about this Privacy Policy, please contact us at support@shippable.com.

Information We Collect


Information You Provide Us

When you interact with the Website or the Service, Shippable may gather information that, alone or in combination with other information, could be used to identify you (“Personal Data”), as described below. If you are an EU data subject, please see the “EU Data Subject” section below for information on your rights in relation to the Personal Data we hold about you.

a) Personal Data used to provide the Service

When users sign up for the Service, we use their source control system identity (Github or Bitbucket) to authenticate them. We use OAuth to authenticate users, so your source control system provides you with the option to authorize the Shippable service to access certain Personal Data, such as email address(es). If you sign up for a paid account, we will collect a billing email address where we can contact you regarding any billing discrepancies and send invoices. Optionally, we also collect an email address where we can send Service updates or reminders about your account.

We use this data to provide you with access to the Service and/or the Website, contact you regarding your use of the Service and Website, or to notify you about important changes to the Service.

On some sections of the Website, you may submit a web form to give some Personal Data to us directly, such as on our “Contact Us” and "Enterprise" pages. We also collect Personal Data (such as your name and contact details, phone number) when you request information, including a product demo, ask to download content (such as whitepapers), register for a webinar or other event, or subscribe to email lists.

Shippable collects Personal Data that you provide through the Service, only if necessary or appropriate to fulfill the purpose of your use of the Service. You can always refuse to supply Personal Data, however doing so may prevent you from accessing the Service or engaging in certain activities on the Website or the Service.

b) Personal Data used to process applications for employment

When you apply for a job with Shippable, we will collect your resume and any additional information that you provide to us, including but not limited to employment history and education. We will use your contact details and data about your employment history and education to conduct activities needed for recruitment.

c) Personal Data used for marketing

We will use your email to inform you about your Service usage, new features, solicit your feedback, or just keep you up to date with what’s going on with Shippable. If you download content from the Website, we may send you an email and also use your phone number to contact you directly by phone, in connection with such new products and services.

All users who sign in to the Service, including EU data subjects, implicitly consent to receiving marketing and Service related information by email. You have the right to withdraw this consent at any time by following instructions to unsubscribe from our emails. You can also send us an email at support@shippable.com to withdraw your consent. Please note that if you opt out from marketing communications, we may still contact you regarding issues related to our Service and to respond to your requests.

Automatically Collected Information


When you visit the Website or Service, our server temporarily saves details of your access in logs. These logs contain data such as:

  • The IP address of the computer making the request
  • The date and time of your request
  • The requested URI
  • The amount of data transferred to you in response
  • Whether the request was successfully processed or not
  • Identifying data about the browser and operating system you use

The purpose of recording this data is to make it possible to serve the Website and Service to you (by establishing a TCP/IP connection), to secure our servers, the technical administration of our infrastructure as well as the optimisation of our services. Only in the case of unauthorised access or attacks on our infrastructure will your IP address be analysed.

Cookies Policy

In addition, cookies will be saved on your computer when you use our website. Cookies are small pieces of textual data which are saved on your hard disk by your web browser, through which Shippable can collect certain information about you.

We use cookies to record current session information, but do not use permanent cookies. You are required to re-login to your source control system account after a certain period of time has elapsed to protect you against others accidentally accessing your account contents.

The placement of cookies on your computer can be prevented through the settings of your web browser. You can also delete existing cookies through the settings of your browser.

Securing your Data


In order to secure your data, we have put measures in place which meet the requirements of the GDPR, and require any third-party service providers we use to do the same.

When we use third parties to provide any services, for example for email, billing, and infrastructure service providers, these third parties are only engaged after a comprehensive review. This review carefully considers each third party’s competence as well as their technical and organisational data protection measures. Your data is only ever saved on secure servers, which may only be accessed by a few authorised personnel.

Information We Process On Behalf Of Our Customers


In providing the Service to our customers, we process on behalf of customers certain information that may include Personal Data, relating to customers’ employees, contractors or other users (“Users”) they transmit or otherwise submit to our Service. While our customers or Users decide what data to submit, this information typically includes email address and information relating to tests results.

Data Retention


We will retain Personal Data that our customers provide to us through the Service for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. We will retain Personal Data that we process on behalf of our customers for the duration set forth in the applicable customer contract or as otherwise instructed by the customer.

Support forum


If you submit an issue in the public Support forum, you should be aware that any Personal Data you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the Personal Data you choose to submit in these forums.

Disclosure Of Personal Data


Shippable discloses Personal Data only to those of its employees, contractors, and service providers that (1) need to know that data in order to perform certain services and functions on Shippable's behalf and (2) have agreed to data protection and confidentiality obligations requiring to protect data. Third-party service providers include: (i) providers of payment processing, customer support services and hosting (which support us in the provision of the Service and maintenance of the Website), (ii) web analytics service providers (which help us collect statistics and other information, including through cookies, about the behavior of users of the Website and the Service - for more details, please see the “Cookies” section above); (iii) marketing and sales automation tools that allow us to manage marketing and sales processes; (iv) phone and chat communication tools that allow us to communicate with prospects and customers; (v) integration tools that allow us to capture data in one platform and send it to another; (vi) survey and poll tools that allows us to capture information about our Service or Website; and (vii) event and meeting platforms that allow us to host and manage virtual and in-person events. Pursuant to our instructions, these parties may access, process or store Personal Data in the course of performing their duties to us and only as necessary to provide the services we request.

Shippable may also disclose Personal Data when required to do so by law, such as to comply with a subpoena, bankruptcy proceedings, or similar legal process, or in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, or when Shippable believes in good faith that disclosure is reasonably necessary to protect the property or rights of Shippable, third parties, or the public at large.

Shippable may disclose Personal Data in connection with a merger, acquisition, or sale of all or a portion of its assets (a “Corporate Transaction”). If Shippable is involved in a Corporate Transaction, you will be notified either via email and/or a prominent notice through the Service of any change in ownership or uses of your Personal Data, as well as any choices you may have regarding your Personal Data or we will require any such buyer to agree to treat your Personal Data in accordance with this Privacy Policy.

EU Data Subjects


Scope

This section applies if you are an EU data subject (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein, Norway and, where applicable, Switzerland).

Data Controller

Shippable is the data controller of Personal Data provided to, or collected by or for, our Website and the Service, but we may act as data processor on behalf of our customers for Personal Data that we process on their behalf when providing the Service.

Your Rights

Subject to applicable law, you have the following rights in relation to your Personal Data:

  • The right to access your personal data
  • The right to correct or delete your personal data
  • The right to restrict processing of your personal data
  • The right to object to the processing of your personal data
  • The right to data portability
  • The right to confirm whether your personal data is being processed or not.

Legitimate Interest

“Legitimate interests” means the interests of Shippable in conducting and managing our organization. For example, we have a legitimate interest in processing your Personal Data to analyze how the Website and the Service are being used by you, and to ensure network and information security, as described in this Privacy Policy. When we process your Personal Data for our legitimate interests, we make sure to consider and balance any potential impact on you, and your rights under data protection laws. Our legitimate interests do not automatically override your interests. We will not use your Personal Data for activities where our interests are overridden by the impact on you, unless we have your consent or those activities are otherwise required or permitted to by law. You have the right to object to processing that is based on our legitimate interests. For more information on your rights, please see “Your Rights” section above.

Data Retention

We will keep your Personal Data only for as long as is reasonably necessary for the purposes outlined in this Privacy Policy, or for the duration required by law, whichever is the longer.

How you can exercise your rights

Should you wish to exercise any of these rights, you will need to provide proof of identification that you are the person to whom the data relates. The data you will receive includes data we have related to you, the source of that data, the recipients, or types of recipients to whom the data was transferred, and the purposes for which the data was stored. To exercise these rights, please contact us at support@shippable.com.

Changes


We will notify you of any significant changes to this privacy policy by placing a prominent notice on our site.

Questions?


Please contact us at support@shippable.com if you have any questions about this Privacy Policy.

Last updated


This policy was last updated on 24th May, 2018.