Where applicable, a separate agreement may govern the delivery, access, and use of the Platform, Services and Mobile Apps (the “Client Agreement”), including the processing of Personal Information and data submitted through employer-based accounts (“Clients”). The Client that entered into the Client Agreement with Bito may authorize Us to collect, process, and store your personal information and associated Client data. If you have any questions about specific Platform settings or what information Bito has been authorized by Client to process on your behalf, you may contact Bito at the contact information in this notice or your Client administrator for the Platform you use.
Information We Collect and Receive About You and How We Use It
Information You Provide Us:
Personal Information. When using the Site, Platform, or Services, you may choose to provide Us with certain Personal Information, such as your name, photograph, employment details, email address, phone number, and other contact information. This information is used to: (i) provide login information to the Platform as well as to carry out Platform processing functions and the Services Bito has been contracted to provide by Client; (ii) communicate with you by responding to your requests, comments and questions; (iii) improve the Site; and (iv) perform various account functions provided by Bito. The GDPR legal basis for processing this information is: (a) the legitimate interest in communicating with you and improving Our Site; and (b) the contractual obligation to perform the Services.
Contact Information When you express an interest in obtaining additional information about the Site, Platform, or Services, Bito may ask you to provide your personal contact information, such as your name, email address, and phone number. This information is used to communicate with you by responding to your requests, comments, and questions. The GDPR legal basis for processing this information is the legitimate interest in communicating with you and answering your questions.
Device Information. When using the Platform, We may request access to your device’s camera and photo storage. This allows you to take and upload pictures and such access would only be used in ways you choose. You may at any time revoke access at the device level. We do not access your device’s camera and photo storage without your permission. We use mobile analytics software to allow Us to better understand the functionality of Our Platform on your phone or computer. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information We store within the analytics software to any Personal Information you submit within the Platform. When you download or access the Platform, We automatically collect your device information such as operating system version, type, hardware usage statistics, etc. The GDPR legal basis for processing this information is the contractual obligation to your employer to perform the Services.
Location Information. We do not ask you for, access, or track any location based information from your mobile device at any time while downloading or using the Platform.
Log Data. As is true of most websites and platforms, We gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on Our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site. The GDPR legal basis for processing this information is the legitimate interest in improving the relevance of Our Site.
Single Sign-On. You can log in to Our Platform using sign-in services such as Log in With Google or an Open ID provider. These services will authenticate your identity and provide you the option to share certain Personal Information with Us such as your name and email address to pre-populate Our sign-up form.
Blog, Testimonials, and Referrals. Our Site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. We display personal testimonials of satisfied customers on Our Site in addition to other endorsements. With your consent, We may post your testimonial along with your name. In addition to your other rights, if you wish to update or delete your testimonial, you can contact Us at info@Bito.co. if you choose to use Our referral service to tell a friend about our Site, We will ask you for your friend’s name and email address. You must have the consent of your friend before using this service. We will automatically send your friend a one-time email inviting them to visit the Site. Bito stores this information for the sole purpose of sending this one-time email and tracking the success of Our referral program In addition to their other rights, your friend may contact Us at info@Bito.co to request that We remove this information from our database. The GDPR legal basis for processing this information is your consent.
Information Related to Data Collected for Our Clients Collection and Use in Providing the Services. When acting as a service provider, Bito collects information under the direction of its Clients. The Client Agreement may govern the delivery, access, and use of the Platform and Services, including the processing of Personal Information and data submitted through Client accounts. The Client (e.g., your employer) controls their Platform and any associated Client data. If you have any questions about specific Platform settings, the processing of Personal Information in the Platform, or its privacy practices, please contact the Client administrator of the Platform you use.
Bito also uses other information in furtherance of Our legitimate interests in operating Our Site, Platform, and Services.
How, and With Whom, Your Information Is Shared
Third Party Services. At times, you may be able to access other Third-Party Services through the Site, for example by clicking on links to those Third-Party Services from within the Site. Bito is not responsible for the privacy policies and/or practices of these Third-Party Services, and you or your employer acting as a Bito Client are responsible for reading and understanding those Third-Party Services’ privacy policies.
Information Shared with Our Service Providers. We may share your information with third parties who provide services to Us. These third parties are authorized to use your Personal Information only as necessary to provide these services to Us. These services may include but are not limited to the provision of: (i) email services to send marketing communications; (ii) customer service or support; and (iii) providing cloud computing infrastructure.
Information Shared with Our Sub-Processors.We employ and contract with people and other entities that perform certain tasks on Our behalf and who are under Our control such as an email service providers to send emails on Our behalf and customer support providers (Our “Sub-Processors”). We may need to share Personal Information with Our Sub-Processors in order to provide Services to you. Unless We tell you differently, Our Sub-Processors do not have any right to use Personal Information or other information We share with them beyond what is necessary to assist Us in the provision of Services on your or Client’s behalf. Transfers to third parties are covered by subprocessor agreements between Bito and each Sub-Processor. A list of Bito Sub-Processors that process Personal Information of individuals located in the EU can be found here.
We require all third parties to respect the security of your Personal Information and to treat it in accordance with applicable laws. We do not allow third party service providers and Sub-Processors to use your Personal Information for their own purposes and only permit them to process your Personal Information for specified purposes in accordance with Our instructions or the provision of services on Bito’s behalf.
We will retain your Personal Information and the Personal Information We process on behalf of Our Clients for as long as your account is active or as needed to provide Services to Our Clients in accordance with Bito data retention policies, and as necessary to comply with Our legal obligations, resolve disputes, and enforce Our agreements. You may request removal of your Personal Information at any time by contacting privacy@Bito.co.
The security of your Personal Information and Our Clients’ information is important to Us. We put in place appropriate technical and organizational measures to ensure your Personal Information is kept secure and protected from unauthorized access, use, disclosure, alteration or destruction, in accordance with applicable laws and regulations. When you enter sensitive information (such as login credentials), We encrypt the transmission of that information using Transport Layer Security (TLS). We follow generally accepted standards to protect the Personal Information submitted to Us, both during transmission and once We receive it. When We share your Personal Information with Sub-Processors or other third-party service providers, We base our selection on said parties having adequate safeguards in place that meet Our data protection standards. We may audit their compliance with such standards and incorporate contractual provisions ensuring compliance with (i) such standards and (ii) applicable data privacy laws and regulations.
If you have any questions about security on Our Site, you can contact Us at info@Bito.co.
European Data Privacy
International Transfer of Personal Information: Privacy Shield, and Contractual Terms
Certain European Union residents have additional privacy rights as provided in the GDPR. For such residents, Bito will collect, process, and store your personal information strictly in accordance with the GDPR. The GDPR further governs the transfer of subject personal information from the certain European Area countries outside of the European Union. Bito is based in the U.S., the Site and Platform servers are hosted in the U.S., and many of Bito’s suppliers and Sub-Processors are also based in the U.S. or otherwise outside of the European Union. In providing your Personal Information to Bito, your Personal Information will be sent to the U.S. (or otherwise outside of the European Union). In such cases, Bito will transfer such data in accordance with the GDPR and the following transfer mechanisms:
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
Bito participates in the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view Our certification, visit the U.S. Department of Commerce’s Privacy Shield List.
Bito is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Bito complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Bito is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, We may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern please contact privacy@Bito.co.
Under certain conditions, more fully described on the Privacy Shield
Website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
European Union Model Clauses. Bito also enters into European Union Model Contractual Clauses, also known as Standard Contractual Clauses, with its Clients to meet the adequacy, privacy, and security requirements for Our Clients that operate in the European Union, and other international transfers of Client data.
Rights with Regard to Your Personal Information
In addition to the lawful transfer, processing and storage of your Personal Information, the GDPR gives certain European Union members additional rights over Our use of your Personal Information. Bito respects your control over your information and, in the event that you have provided Personal Information to Us in your use of the Site, We will provide you with information about whether We hold any of your Personal Information as We detail below. You may access, correct, or request deletion of your Personal Information by contacting Us at privacy@Bito.co. We will respond to your request within a reasonable timeframe.
As a preliminary matter, when acting as a service provider of Our Clients, Bito may have no direct relationship with the individuals whose Personal Information is provided to Bito through the Platform and Services. An individual who is or was employed by one of Our Clients and who seeks access to, or who seeks to correct, amend, object to the processing or profiling of, or to delete their Personal Information in the Platform, should direct the query to their employer’s HR department if they cannot make the appropriate changes via its access to the Platform provided by the Client.
If located in the European Economic Area (“EEA”), you have the following rights regarding your Personal Information We control:
Right of Access. You can request details of your Personal Information We hold. We will confirm whether We are processing your Personal Information and We will disclose additional information including the types of Personal Information, the sources it originated from, the purpose and legal basis for the processing, the expected retention period and the safeguards regarding data transfers to non-EEA countries, subject to the limitations set out in applicable laws and regulations. We will provide you free of charge with a copy of your Personal Information but We may charge you a fee to cover Our administrative costs if you request further copies of the same information.
Right of correction. At your request, We will correct incomplete or inaccurate parts of your Personal Information, although We may need to verify the accuracy of the new information you provide to Us.
Right to be forgotten. At your request, We will delete your Personal Information if:
1. it is no longer necessary for Us to retain your Personal Information;
2. you withdraw the consent which formed the legal basis for the processing of your Personal Information;
3. you object to the processing of your Personal Information (see below) and there are no overriding legitimate grounds for such processing;
4. the Personal Information was processed illegally;
5. the Personal Information must be deleted for Us to comply with Our legal obligations.
We will decline your request for deletion if processing of your Personal Information is necessary: (i) for Us to comply with Our legal obligations; (ii) for the establishment, exercise or defense of legal claims; or (iii) for the performance of a task in the public interest.
Right to restrict processing.
At your request, We will restrict the processing of your Personal Information if:
1. you dispute the accuracy of your Personal Information;
2. your Personal Information was processed illegally and you request a limitation on processing rather than the deletion of your Personal Information;
3. We no longer need to process your Personal Information, but you need your Personal Information in connection with the establishment, exercise or defense of a legal claim; or
4. you object to the processing of your Personal Information (see below) pending verification as to whether an overriding legitimate ground for such processing exists.
We may continue to store your Personal Information to the extent required to ensure that your request to restrict processing is respected in the future.
Right to data portability..
• At your request, We will provide you free of charge with your Personal Information in a structured, commonly used and machine readable format, if:
1. you provided Us with your Personal Information;
2. the processing of your Personal Information is required for the performance of a contract; or
3. the processing is carried out by automated means.
Right to object. Where We rely on Our legitimate interests (or that of a third party) to process your Personal Information, you have the right to object to this processing on grounds relating to your particular situation if you feel it impacts on your fundamental rights and freedoms. We will comply with your request unless We have compelling legitimate grounds for the processing which override your rights and freedoms, or where the processing is in connection with the establishment, exercise or defense of legal claims. We will always comply with your objection to processing your Personal Information for direct marketing purposes.
Right not to be subject to decisions based solely on automated processing. You will not be subject to decisions with a legal or similarly significant effect (including profiling) that are based solely on the automated processing of your Personal Information, unless you have given Us your explicit consent or where they are necessary for the performance of a contract with Us.
Right to withdraw consent. You have the right to withdraw any consent you may have previously given Us at any time. In order to exercise your rights in this section We may ask you for certain identifying information to ensure the security of your Personal Information. To request to exercise any of the above rights, please contact Us at privacy@Bito.co. We will respond to your request within 30 days or provide you with reasons for the delay.
Usually, We will not charge you any fees in connection with the exercise of your rights. If your request is manifestly unfounded or excessive, for example, because of its repetitive character, We may charge a reasonable fee, taking into account the administrative costs of dealing with your request. If We refuse your request We will notify you of the relevant reasons.
In so far as practicable, We will notify Our Clients and third parties to whom We have disclosed your Personal Information with any correction, deletion, and/or restriction to the processing of your Personal Information. Please note that We cannot guarantee our Clients or other third parties will comply with your requests and We encourage you to contact them directly.
Please note that if you decide to exercise some of your rights, We may be unable to perform the actions necessary to achieve the purposes set out above or you may not be able to use or take full advantage of the Site, Platform, and Services.
If you are not satisfied with Our response, you have the right to complain or seek advice from a supervisory authority and/or bring a claim against Us in any court of competent jurisdiction.
You may choose to opt in to receive occasional email and other communications from Us, such as communications relating to promotions. You may opt out of receiving such communications at any time by using the “Unsubscribe” link found in such emails, or by emailing Us at info@Bito.co . In the context of Us providing you marketing, We may analyze your preferences to make sure the information We provide you is relevant.
California Data Privacy
California residents have certain privacy rights as specified under California law, including the California Consumer Privacy Act of 2018 (“CCPA”). If you are a resident of California, you have the right to know what personal information has been collected about you, and to access that information. You have the right to request deletion of your personal information, though exceptions under the CCPA may allow Bito to retain and use certain personal information notwithstanding your deletion request.
Bito collects various categories of personal information when you or your employer use the Bito Platform or Services, including location information, log data, tracking information, health information, and personal information related to your employment. A more detailed description of the information Bito collects and how we use it is provided above in the sections entitled: Information We Collect and Receive About You and How We Use It, Other Information, and How, and With Whom, Your Information Is Shared .
In addition to Our collection of your Personal Information, Bito may engage certain third parties to perform a function or provide services to you on behalf of Bito including hosting and maintenance, error monitoring, debugging, performance monitoring, billing, customer and account relationship management, database storage and management, and direct marketing campaigns. Bito may share your Personal Information with these third parties, but only to the extent necessary to perform these functions and provide such services. Bito requires these third parties to maintain the privacy and security of the Personal Information they process on our behalf.
Bito does not sell your Personal Information when you use the Bito Platform or when you use a Bito Service and will not do so in the future without providing you with notice and an opportunity to opt-out of such sale as required by law. Bito does not offer financial incentives associated with the collection, use, or disclosure of your personal information.
Bito will not discriminate against you for exercising any of your CCPA rights. To this end, unless permitted by the CCPA, Bito will not:
- Deny you access to the Bito Platform or Services;
- Charge you a different price or rate for the Platform or Services, including the granting of discounts or other incentives;
- Provide a different or downgraded Platform or Service;
- Suggest that you may receive a different price or rate for the Bito Platform or its Services or a different or downgraded Platform or Service;
To exercise your rights under the CCPA please submit a verifiable consumer request to Bito by either calling Bito at [WE NEED TO GET A 1-800 NUMBER ] by or emailing us at privacy@Bito.co . Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may only make a verifiable consumer request for access to your data twice within a twelve (12) month period. Your verifiable consumer request must:
- Be made by a natural person;
- Provide sufficient information to allow Bito to reasonably verify your identity and that you are the person about whom we collected personal information, or you are an authorized representative;
- Describe your request with sufficient detail that allows Bito to properly understand, evaluate, and respond to your request.
In certain cases, Bito collects and processes personal information on you at the contractual obligation of your employer. In order to respond to a verified request, Bito may be required to provide notice to your employer of your request, and to follow your employer’s instructions as they relate to carrying out your request. Bito cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. Making a verifiable request does not require you to create an account, but we may ask you to verify your request by logging into your account if you have one. We will only use personal information provided by a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Contacting Bito If You Have Questions or Concerns