Privacy Shield Statement

Back to Terms of Service

Privacy Shield Statement

Concentric Sky, Inc. (“we,” “us,” or “our”) participates in and commits to adhering to the U.S. Department of Commerce’s EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework (collectively “Privacy Shield”) regarding the collection, use, onward transfers, and retention (the “Principles”) of personal data received from the European Economic Area (“EEA”).  This Privacy Shield Statement (“Statement”) outlines how we comply with Privacy Shield with respect to the personal data that we collect through our websites (www.badgr.io, www.badgr.com, www.badgr.org, and www.badgerank.org) and our mobile Badgr application (collectively “Badgr”).  For more information regarding our Privacy Shield certification, please click here.

When we use the term “personal data” in this Statement, we are referring to any information that is (i) recorded in any form; (ii) about an identified or identifiable individual; and (iii) received by us from the EEA.

  1. OUR DATA PROCESSING ACTIVITIES.  We collect personal data related to Badgr site visitors, Badgr users with registered accounts, Badge earners, and other users.  The scope and purposes of our processing activities vary according to the service and whether we are acting as a controller or as a processor, but typically include providing our business and consumer services; billing and payments; customer service and support; communications and marketing; analytics to inform and improve our services; and other internal purposes.

  2. PRINCIPLES.

    2.1 Notice and Choice.  Our Privacy Policy provides notice of our collection and processing of personal data, including a description what personal data we collect, the purpose and use of personal data, the types of third parties with whom we may share personal data (and the reasons we do), your right to access such personal data, your choices about limiting the use and disclosure of personal data, and other information consistent with the Principles.  If you are a registered user, we may act as a processor of the personal data that you provide or make available to us and you are responsible for ensuring that third parties are provided with appropriate notice and choice with respect to their personal data.

    2.2 Disclosures and Onward Transfers.  We may transfer or otherwise disclose personal data to third-party service providers who perform various functions on our behalf as described in our Privacy Policy.  When required under applicable law, we enter into agreements with those third-party service providers requiring them to provide the same level of protection that Privacy Shield requires and limiting their use of such information to the specific services provided on our behalf. We take reasonable and appropriate steps to ensure that third-party service providers process personal data in accordance with our Privacy Shield obligations and to stop any unauthorized processing.  Under certain circumstances, we may remain liable for the acts of our third-party service providers who perform services on our behalf for their handling of personal data that we transfer to them.  In some cases, as described in our Privacy Policy, we may transfer personal data to third-party data controllers.  We will not provide your personal data to third-party data controllers if you choose to opt-out of such disclosures.  When required under applicable law, we enter into agreements with any third-party data controllers requiring them to provide the same level of protection for personal data the Privacy Shield requires.  We may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

    2.3 Data Security.  We use reasonable and appropriate security measures to protect personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction, taking into account the nature of the personal data and the risks involved in processing that information.

    2.4 Data Integrity and Purpose Limitation.  We process personal data in a manner that is compatible with and relevant to the purpose for which it was collected or authorized by you. Where we receive personal data from a registered user, such registered user determines those purposes. We take reasonable steps to ensure that personal data is accurate, complete, current and reliable.

    2.5 Access.  Our Privacy Policy explains how you may access and/or submit requests to review, correct, update, or delete personal data.  We may limit or deny access to personal data where providing such access is unreasonably burdensome, expensive under the circumstances, or as otherwise permitted by applicable law.  You can ask to review and correct your personal data by sending a written request to help@badgr.io.  We may request specific information from you to confirm your identity.  If you are the recipient of a badge, please directly contact the third party who issued you such badge with your request to access or limit the use or disclosure of your personal data.

    2.6 Enforcement; Recourse.  If you have any questions or concerns about your personal data, please contact us. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal data in accordance with the Principles.  If we are unable to resolve your concern, you may contact JAMS, which provides an independent third-party dispute resolution body based in the United States. A binding arbitration option may also be available to you in certain circumstances.  For further information, please see the Privacy Shield website (https://www.privacyshield.gov).  We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

  3. CONTACT INFORMATION.  If you have any questions regarding this Statement, contact us by email at help@badgr.io or write to:

Concentric Sky, Inc. 1045 Willamette St. Eugene, OR 97401

  1. CHANGES TO THIS STATEMENT.  We reserve the right to amend this Statement from time to time consistent with the requirements of Privacy Shield.

Effective Date: January 1, 2019
Last modified:  November 2, 2018