Crank Software Privacy Policy 

(May, 2018)

This Crank Software Privacy Policy (“Policy”) explains how Crank Software Inc. (“Crank,” “we,” or “us”) collects, uses, discloses, and protects personal information that applies to our software, documentation, developer resources or services (collectively, “Products”), including our related web-based resources and services (“Web Services”), as well as your choices about the collection and use of your personal information.

Crank's Privacy Policy is built upon the principles of the Personal Information Protection and Electronic Documents Act (PIPEDA) established by the Canadian Federal Government. It also takes into consideration the applicable requirements of the European Union’s General Data Protection Regulations (GDPR).

Crank acknowledges we are responsible for personal information collected under our control and in our possession. Crank has designated a Privacy Officer who is accountable for Crank’s compliance with this Policy and all applicable privacy laws. To maintain consistency and to ensure the security of personal information, all Crank partners and employees have been made aware of this Policy and have been advised of the responsibility for day-to-day compliance.

Information we collect and its use.

We collect the following types of information about you:

Information you provide us directly

We may ask for certain personal information (e.g., your username, first and last name, birthdate, phone number, e-mail address, mailing address and market sector) when you register your Product or when you correspond with us. We may event collect credit card and/or banking information depending on how you purchase our Products.

We may use this information in the course of developing, operating, maintaining and providing our Products and Web Services to you, including to corresponding with you, and addressing any issues you raise (e.g., in relation to training, technical support, maintenance or custom development services).

Information we may receive from third parties

We may receive personal information about you from third parties. For example, if you access our website or Web Services through a third-party connection (e.g., through the website of one of our distributors), that third party may pass certain information about you to Crank. This information could include (but is not limited to) information that you have permitted the third party to share with us.

Information we collect from you automatically

We may directly collect analytics data or use third-party analytics tools to help us measure traffic and usage trends for our Products or Web Services. These tools collect information sent by your browser or mobile device, including the pages you visit and other information that assists us in improving our software and services. We collect and use this analytics information in aggregate form such that it cannot reasonably be manipulated to identify any individual user.

Cookies information

When you visit our website, we may send one or more cookies — a small text file containing a string of alphanumeric characters — to your computer that uniquely identifies your browser and allows Crank to help you log in faster and enhance your navigation through the site. A cookie may also convey information to us about how you use our Web Services (e.g., the pages you view, the links you click and other actions you take) and allow us or our business partners to track your usage of such services over time.

You can control or reset your cookies through your web browser, which will allow you to customize your cookie preferences and to refuse all cookies or to indicate when a cookie is being sent. However, some features of our Web Services may not function properly if the ability to accept cookies is disabled.

Log file information

Log file information is automatically reported by your browser or mobile device each time you access our Web Services. When you use our web-based service, our servers automatically record certain log file information. These server logs may include anonymous information such as your web request, Internet Protocol (“IP”) address, browser type, referring / exit pages and URLs, number of clicks and how you interact with Web Service links, domain names, landing pages, pages viewed, and other such information.

Clear gifs/web beacons information

We may employ clear GIFs (also known as web beacons) to anonymously track the online Web Service usage patterns of our users. In addition, we may also use clear GIFs in HTML-based emails sent to our users to track which emails are opened and which links are clicked by recipients. This information allows us to more accurately understand and improve our Products and Web Services.

Device identifiers

When you access Web Services by or through a mobile device (including but not limited to smart-phones or tablets), we may access, collect, monitor and/or remotely store one or more “device identifiers” such as a universally unique identifier (“UUID”). Device identifiers are small data files or similar data structures stored on or associated with your mobile device, which uniquely identify your mobile device. A device identifier may be data stored in connection with the device hardware, data stored in connection with the device’s operating system or other software, or data sent to the device by Crank. A device identifier may convey information to us about how you browse and use our Web Services. A device identifier may remain persistently on your device, to help you log in faster and enhance your navigation through web-based services. Some features of Web Services may not function properly if use or availability of device identifiers is impaired or disabled.

Location data

When you access Web Services by or through a mobile device, we may access, collect, monitor and/or remotely store “location data,” which may include GPS coordinates (e.g. latitude and/or longitude) or similar information regarding the location of your mobile device. Location data may convey to us information about how you browse and use Web Services. Some features of the Web Services, particularly location-based services, may not function properly if use or availability of location data is impaired or disabled.

Employee and Partner Information

We collect personal information about our employees and partners to establish, manage or conclude employment or partnership relationships. In certain cases, Crank may also aggregate employee and partner personal information to provide business metrics and evaluate the effectiveness of our HR programs, but this aggregated information will not allow the identification of any individual.

Consent.

Crank will collect, use or disclose your personal information only with your knowledge and consent.  You always have the option not to provide your consent to the collection, use and distribution of your personal information, or to withdraw your consent at a later date. This can be done at any time and within reasonable notice by contacting info@cranksoftware.com.  

Where a customer chooses not to provide Crank with permission to collect, use or disclose personal information, we may not have sufficient information to continue providing them with Products or Web Services.

Where a partner, employee or candidate for employment chooses not to provide Crank with permission to collect, use or disclose personal information, we may not be able to employ them, continue to employ them or to provide them with benefits.

Consent for the collection of non-personal information, such as an employee's, partner’s or customer’s name, title, business address, business email or telephone number, collected in the process of payment fulfillment, delivery, product updates, terms and policy changes, or any other means to allow the supply of Products, or the performance of our obligations under associated software licenses or service agreements, may not be withdrawn.

How we use your information.

Personal information collected by Crank is limited to information necessary for us to deliver the needs and expectations of our customers, partners and employees so that we can provide Products, Web Services and operate our business.   

We use the information we collect about you for the following purposes:

• Providing you with our Products: We use information about you to provide our software, documentation, developer resources and services to you. This includes: allowing you to register your copy of Crank software and log in to your Crank account; operating and maintaining Web Services; and, giving you on-line access to webinars, video, literature and demo image libraries, developer forums, Product documentation and updates, and technical support. We also use information we collect about you automatically to remember information about you so that you will not have to re-enter it during your visit or the next time you visit the site.
• For data analytics: We use information about you to help us improve Crank’s Products, Web Services and our users’ experience, including by monitoring aggregate metrics such as total number of visitors, traffic, and demographic patterns.
• Customizing Web Services for you: We use information you provide us and information about you to customize the Web Services to your needs. For example, if you tell us your market sector we may recommend Products that are likely to be relevant to you.
• To communicate with you about the Products: We use your contact information to get in touch with you and to send communications about critical elements of our Products. For example, we may send you emails about updates, technical issues, security alerts or administrative matters.
• To promote and drive engagement with Crank’s software and services: We use your contact information to get in touch with you about features and offers relating to the Products that we think you would be interested in. We also use information we collect about you to make sure that you get the most relevant offers and promotions based on your use of the Products, and your preferences. You can opt-out of getting these communications as described below.
• To improve customer satisfaction: We use information about you, information that you provide to our support team, and information about your interactions with the Web Services to resolve technical issues you experience with the Products and Web Services, and to ensure that we can repair and improve our Products and Web Services for all Crank customers.
• For security measures: We use information about you to monitor activity that we think is suspicious or potentially fraudulent, and to identify violations of this Policy or the terms of our software license or service agreements.
• To administer HR and Partner programs: We collect information about employees and partners in order to pay wages and fees, comply with laws and regulations, provide employees with benefits, improve on and manage programs, policies and employee relations, and generally to establish, manage or terminate the employment or partnership relationship.
• For matters that you have specifically consent to: From time to time Crank may seek your consent to use your information for a particular purpose. Where you consent to our doing so, we will use it for that purpose. Where you no longer want us to use your information for that purpose you may withdraw your consent to this use.
• For matters that we are required to use your information by law: Crank will use or disclose your information where we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) to enforce our software license or service agreements or to protect the security or integrity of our Products or Web Services; and/or (c) to exercise or protect the rights, property, or personal safety of Crank, our employees, our customers, our partners or others.

We will only use or disclose personal information for the purposes for which it was initially collected for and for reasons outlined within this Policy.  If Crank intends to use your personal information for any purpose not previously identified to you, we will obtain your prior consent.

Legal bases for processing information under the GDPR (for users in the EEA).

For Crank customers in the European Economic Area (EEA), Crank processes your personal information in accordance with European laws and regulations such as the General Data Protection Regulation. The GDPR governs how Crank may process your personal information, and the rights that EEA users have in relation to it. This means that Crank will collect and use your personal information only where:

• We need it to provide you with the Products or Web Services and to fulfill our obligations to you under our software license and service agreements;
• It is justified because of a legitimate interest, such as for research and development, maintenance and support, or marketing the Products or Web Services (but only where our legitimate interest isn’t overridden by your interest in protecting your intellectual property rights or confidential information);
• You consent to us using your information in a certain way; or
• It is necessary for compliance with our legal obligations.

If you have consented to our use of your personal information you may withdraw that consent at any time by clicking on the “unsubscribe link” provided in email communications or by sending an email to info@cranksoftware.com. Where we are using your information because of a legitimate interest to do so, you have the right to object to that use. However, if you do so it may mean that it is not possible for you to continue using our Products or Web Services.

Sharing your information.

We will not rent or sell your personal information to third parties outside of Crank and its group companies (including any parent, subsidiaries and affiliates) without your consent, except as noted in this section:

Who we may share your information with.

We may share your information with third-party distributors or service providers for the purpose of providing Products to you and to facilitate Crank’s interests, as outline above. These Crank business partners will only be provided with access to your personal information that is reasonably necessary for the purpose(s) for which Crank has authorized or engaged them, and we will require  such third parties to comply with this Policy and any applicable laws.

Some of Crank’s third-party business partners with whom we may share your personal information include distributors or contractors who assist Crank with activities such as:

• Training,
• Custom software development,
• Customer support and management,
• Email services,
• Hosting and storage services,
• Analytics, and
• Delivery of physical products.

We may share some of your personal information with these business partners, but only as necessary to provide the Products or Web Services to you, or to fulfil Crank’s legitimate business interests.

Crank may also share your information with other third parties in certain circumstances, such as where:

• we are required to do so as a result of a court order, subpoena or other legal requirement;
• we believe that it is necessary to protect you or Crank, such as where we consider that there is a need to investigate potentially fraudulent or criminal activity; or
• you have consented to our sharing it with a third party for a particular purpose.

Crank may share your information with third parties in circumstances where we sell divest or transfer Crank (including any shares in Crank), or any combination of its products, services, assets and/or businesses to a third party. Information such as customer names and email addresses, User Content (as defined below) and other user information related to the Products or Web Services may be among the items sold or otherwise transferred in these types of transactions. We may also sell, assign or otherwise transfer such information in the course of completing corporate divestitures, mergers, acquisitions, bankruptcies, dissolutions, re-organizations, liquidations, similar transactions or proceedings involving all or a portion of Crank.

If we sell our business, any of the information we have acquired about you may be part of the sale.

We may also aggregate or otherwise strip data of all personally identifying characteristics and may share that aggregated, anonymized data with third parties.

Who you may choose to share your User Content with.

Any information or content that you voluntarily disclose for posting to Web Services, such as user comments or content (“User Content”), becomes available to the public, as controlled by any applicable privacy settings. Subject to your profile and privacy settings, any User Content that you make public is searchable by other users. If you remove information that you posted, copies may remain viewable in cached and archived pages, or if other users have copied or saved that information.

By default, all content you send to support@cranksoftware.com is private. If you do choose to make any User Content or other information public (e.g., on the Storyboard Suite Community Forum), that information may remain visible even after your remove it via cached and archived pages, or if other users have made copies.

How we transfer, store and protect your data

Your information collected by Crank may be stored and processed in Canada, the United States or any other country in which Crank or its subsidiaries, affiliates or service providers maintain facilities. Crank may transfer information that we collect about you, including personal information, to affiliated entities, or to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world. As a result, we may transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction, and you consent to the transfer of information to Canada, the U.S. or any other country in which Crank or its parent, subsidiaries, affiliates or service providers maintain facilities and the use and disclosure of information about you as described in this Policy.

Cross-border transfers of information (for users in the EEA).

For Users in the EEA, where we transfer your information to a third-party provider that is not located in the EEA, and is not subject to an adequacy decision by the EU Commission, we will require those third party providers to enter into an agreement that provides appropriate safeguards for your information. From time to time we may also seek your consent to transfer your information to a third country outside the EEA.

Keeping your information safe.

Crank cares about the security of your information and uses appropriate safeguards to preserve the integrity and security of all personal information it collects. Crank uses physically secure facilities, industry standard security tools and practices, and clearly defined internal policies and practices. Security measures are in place to protect the loss, misuse and alteration of the personal information under our control. Personal information is stored in secure environments that are not available to the public (e.g., restricted access premises, locked rooms and filing cabinets). To prevent unauthorized electronic access to personal information, any information that is stored in electronic form is protected in a secure electronic and physical environment.

To protect your privacy and security, we take reasonable steps (such as requesting a unique password) to verify your identity before granting you access to your account. You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to your email communications from Crank. However, Crank cannot ensure or warrant the security of any information you transmit to Crank or guarantee that information on the Web Services may not be accessed, disclosed, altered, or destroyed.

Accuracy.

Crank will endeavor to maintain the accuracy of your personal information, and may from time to-time ask customers, partners and employees to update their personal information.  Crank will keep your personal information as accurate, complete and up-to-date as necessary for the purposes for which it was collected.

Compromise of information.

If any information under our control is compromised because of a breach of security, Crank will take reasonable steps to investigate the situation and where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.

Your choices about your information.

You control your account information and settings.

You may update your account information by logging into your account and changing your profile settings. You can also stop receiving promotional email communications from us by clicking on the “unsubscribe link” provided in such communications. We make every effort to promptly process all unsubscribe requests. You may not opt out of Web Services-related communications (e.g., account verification, purchase and billing confirmations and reminders, changes/updates to features of the Web Services, technical and security notices). If you have any questions about reviewing or modifying your account information, you can contact us directly at info@cranksoftware.com.

Opting out of collection of your information for Tracking / Advertising.

Please refer to your mobile device or browser’s technical information for instructions on how to delete and disable cookies, and other tracking/recording tools. Depending on your type of device, it may not be possible to delete or disable tracking mechanisms on your mobile device. Note that disabling cookies and/or other tracking tools prevents Crank or its business partners from tracking your browser’s activities in relation to the Web Services. However, doing so may disable many of the features available through the Web Services. If you have any questions about opting out of the collection of cookies and other tracking/recording tools, you can contact us directly at info@cranksoftware.com.

Rights in respect of your Information.

The laws of some countries grant particular rights in respect of personal information. Users in those jurisdictions may have the right to:

• Request a copy of your information;
• Request that we correct inaccuracies relating to your information;
• Request that your information be deleted or that we restrict access to it;
• Request a structured electronic version of your information; and
• Object to our use of your information;

Should you wish to make a request in respect of your personal information, or for requests relating to rights under the GDPR, please contact us at info@cranksoftware.com.

In some circumstances Crank may not be able to comply with a request that you make in respect of your personal data. For example, we may not be able to provide a copy of your information where it contains references to other individuals, infringes on the rights of another party, or is subject to solicitor-client or litigation privilege. We may also be required to retain certain information that you ask us to delete for various reasons, such as where there is a legal requirement to do so. In some cases, you may have shared your information with third parties, such as by publishing User Content in a discussion forum. In that case Crank will not be able to delete the information, and you will need to contact that third party directly.

If we are unable to resolve your request, or if you are concerned about a potential violation, you may be entitled to report the issue or make a complaint to the data protection authority in your jurisdiction.

How long we keep your information.

Following termination or deactivation of your user account, Crank may retain your profile information and User Content for a commercially reasonable time, and for as long as we have a valid purpose to do so. In particular, Crank may retain your information for the purpose of comply with its legal and audit obligations, and for backup and archival purposes.

In compliance with professional standards, Crank may maintain records of the Products delivered or other work performed by Crank employees and partners. This record may include personal information and will be retained until such records are no longer reasonably required for legal, administrative, audit or regulatory purposes.

Crank retains personal information about current and past employees and partners in accordance with standard financial auditing practices and employment laws and standards. Crank will destroy human resource and other files containing employee or partner personal information when such information is no longer reasonably required for legal, administrative, audit or regulatory purposes.

Links to other websites and services.

We are not responsible for the practices employed by websites or services linked to or from the Web Services, including the information or content contained therein. Please remember that when you use a link to go from the Web Services to another website, our Privacy Policy does not apply to third-party websites or services. Your browsing and interaction on any third-party website or service, including those that have a link on our website, are subject to that third party’s own rules and policies. In addition, you agree that we are not responsible for and we do not exercise control over any third-parties that you authorize to access your User Content. If you are using a third-party website or service and you allow such a third-party access to your User Content you do so at your own risk. This Policy does not apply to information we collect by other means (including offline) or from other sources other than through the Web Services.

How to contact us.

If you have any questions about this Policy or any Products or Web Services, please contact us at info@cranksoftware.com.