Tobiko

Tobiko Data Privacy Policy

This privacy policy for Tobiko Data, Inc. (together with our affiliates, “Tobiko Data”, “we”, “our”, or “us”) discloses how we collect, store, process, transfer, share, hold, and use data that identifies or is associated with visitors (“personal information”) to our public website at https://www.tobikodata.com (“website”) and any other personal information you otherwise provide to us as further described below. For the purposes of this privacy policy, “you” and “your” means you as the Visitor.

We are a company established under Delaware State law in the United States with a registered office at 204 E 2nd St .227, San Mateo, CA 94401, and for the purposes of General Data Protection Regulation (“GDPR”) and the GDPR as implemented in the UK (together referred to as the “EU and UK Data Protection Laws”), we are the data controller.

This privacy policy does not cover information submitted to us as part of your use of our platform including, but not limited, to information about a client’s customers or authorized users. To the extent we process your data on your behalf, we are the data processor, and this is covered by entering into our data processing agreement. This privacy policy also does not cover information of people whose only contact with us is visiting our Tobiko Community Slack. Aside from these circumstances, Tobiko Data is the data controller of the personal information we hold about you. Our website provides valuable information meant to enable efficiency, accuracy and best practices in your data transformations. Before accessing or using our website or otherwise providing us your personal information, please ensure that you have read and understood our collection, storage, use and sharing of personal information about you as described in this privacy policy. If you do not want information about you used as described in this privacy policy, then please do not provide your personal information to us.

1. PERSONAL INFORMATION

This section concerns information that we collect about you and how we use and share it.

1.1 Information you give to us

We collect personal information when you voluntarily submit such information directly to us. This can include information you provide to us when you connect with us by filling in a form on our website, corresponding with us by phone, email or otherwise, subscribing to our mailing lists, blogs, newsletters or other forms of marketing communications, visiting our public pages including source code, documentation and repositories, attending, virtually or in-person, one of our trainings, international meet-ups, booth locations, responding to a survey, or entering a promotion (“Connections”).

1.2 Information we collect from third parties

This privacy policy governs any personal information we receive from Visitors. We are not responsible or liable for the accuracy of the information provided to us by Visitors and are not subject to any third party’s policies or practices. See Sections 8, 9 and 10 below for more information.

1.3 Information we collect automatically

We also automatically collect personal information about you indirectly about how you access and use the website, such as information about the device you use to access the Connections.

We may consider personal information collected about you and how many and the types of Connections we have with you in order to predict what products or services may be the best fit for you. This allows us to tailor our marketing efforts and create the best personalized experience. We may use third party tools to assist us and manage our processes.

We may anonymise and aggregate any of the personal information we collect (so that it does not directly identify you). We may use anonymised information for purposes that include testing our IT systems, research, data analysis, improving our products and services and developing new products and features. We may also share such anonymised information with others.

If you choose not to provide personal information, we may not be able to respond to your requests.

1.4 Information we collect at events

We collect personal information you give us related to registration. This may be shared with event organizers, sponsors, venues, or providers of services for the event for purposes of planning for, hosting, and administering events, and of communicating about products and services and future events. We may also collect personal information related to your attendance, the sessions you attend, your sessions as speaker or facilitator, and your other activities.

We may collect and share on our website personal information related to your attendance, speaking, facilitating or participation in discussions/talks/networking that includes records of your image, voice, and commentary for the purpose of documentation of the event, facilitating remote attendance, website accuracy, and for the participation and education of online participants such as those with health, travel or other constraints.

2. MARKETING AND ADVERTISING

From time to time we may contact you with information about our products and services. Most marketing messages we send will be by email. For some marketing messages, we may use personal information we collect about you to help us determine the most relevant marketing information to share with you, and we may tailor advertising to you based on the information we’ve collected in an effort to provide you with information that is the most relevant and useful to you. We may use third party tools as part of our processes, but we share very limited personal information with them, and they are under contractual obligations to only use data we share on our behalf and in compliance with applicable law. You can change your marketing preferences at a later date by clicking on the unsubscribe link at the bottom of our marketing emails.

3. DATA SECURITY

We implement technical and organizational measures designed to protect personal information about you against accidental or unlawful destruction, loss, change or damage. However, please be aware that, despite our best efforts, no security measures are perfectly secure, error-free, or impenetrable, and we cannot guarantee “perfect security.” Any information you send to us electronically may not be secure when it is transmitted to us. We recommend that you do not use non-secure channels to communicate sensitive or confidential information to us. Any information you send us through any means is transmitted at your own risk.

4. INTERNATIONAL TRANSFERS OF YOUR PERSONAL INFORMATION

If you are located in the EU or EEA, UK, or Switzerland, this may mean that your personal information will be stored or processed in the USA.

When transferring personal information originating from the EEA or the UK to the USA, we seek to comply with applicable EU and UK Data Protection Laws by using (i) the European Commission’s model contracts for the transfer of personal information to third countries (i.e., the standard contractual clauses) (the “Model Clauses”); (ii) the equivalent contract issued by the relevant competent authority of the UK, Switzerland or another country, as relevant; or (iii) appropriate derogations for specific situations pursuant to Article 49(1) of the GDPR and UK GDPR – unless the data transfer is to a country that has been determined by the European Commission and/or the relevant UK or other governmental authorities, as applicable, to provide an adequate level of protection for personal information.

If you wish to enquire further about the safeguards we use or to examine a copy of the Model Clauses, please contact us using the contact details set out at the end of this privacy policy.

5. YOUR RIGHTS IN RESPECT OF PERSONAL INFORMATION ABOUT YOU

5.1 EU/UK

Where applicable, in accordance with applicable EU, Swiss, and UK Data Protection Laws, if you are located in the EEA, Switzerland, or the UK, you may have the following rights in respect of personal information about you that we hold:

  • Transparent Communications. Communications will be concise, transparent, intelligible and easily accessible form, using clear and plain language (Art. 12 of the GDPR).
  • Disclosure upon Collection. The collector of the data will, at the time when personal data are obtained, provide the data subject with information related to the collector including contact details, the purposes for the collection, the legal basis, and the third party and location of any data transfers (Art. 13 of the GDPR).
  • Notice and Access. The right to receive notice that your data is in a data collector’s possession and identify the source of the data (Art. 14 of the GDPR) and to obtain access to your personal information, to understand how we use it, and who we share it with (Art. 15 of the GDPR).
  • Rectification. The right to obtain rectification of your personal information where that personal information is inaccurate or incomplete (Art. 16 of the GDPR) and may request notice be given to data recipients downstream (Art. 19 of the GDPR).
  • Erasure. The right to obtain the erasure of your personal information in certain circumstances, such as where the personal information is no longer necessary in relation to the purposes for which it was collected or processed (Art. 17 of the GDPR) and may request notice be given to data recipients downstream (Art. 19 of the GDPR).
  • Restriction. The right to require us to stop processing the personal information we hold about you, other than for storage purposes, in certain circumstances (Art. 18 of the GDPR).
  • Portability. The right to receive a copy of the personal information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions (Art. 20 of the GDPR).
  • Object. The right to object to our processing of your personal information (Art. 21 of the GDPR).
  • Objection to marketing. The right to object to marketing at any time by clicking the unsubscribe button at the bottom of the email (Art. 21 of the GDPR).
  • Withdrawal of Consent. To the extent that we rely on consent to process personal information about you, the right to withdraw this consent at any time by clicking the unsubscribe button at the bottom of the email (Art. 21 of the GDPR).
  • No Profiling. The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her without consent (Art. 22 of the GDPR).

This list is not meant to be a complete statement of your rights, does not constitute legal advice, nor is it a guarantee of such rights. The list is subject to change, revision, regulation, court decision, interpretation, or restriction (Art. 23 of the GDPR) by governmental authorities. Please note that a number of these rights only apply in certain jurisdictions or circumstances. The rights are subject to being balanced against other factors or rights, and may be impacted where fulfilling your request would adversely affect other individuals or our trade secrets/ intellectual property, where there are overriding public interests or where we are required by law to retain your personal information.

If you wish to exercise one of these rights, please contact us using the contact details at the end of this privacy policy. We may need to verify your identity prior to addressing your request, and may ask for additional information and documents. You may also review and edit the personal information you have submitted to us by logging into your account on our website.

If you have complaints about how we process personal information about you, please contact us at the details provided at the end of this privacy policy and we will respond to your request as soon as possible. You may also have the right to make a complaint to the relevant Supervisory Authority in the EEA country in which you live or work, or with the UK Information Commissioner’s Office, as applicable to you. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/about-edpb/members.en.

5.2 United States - California

Where applicable, if you are a California resident you may have the following rights under the California Consumer Privacy Act of 2018 (the “CCPA”) in relation to “personal information” we have collected about you as defined in the CCPA; these rights are, to the extent required by the CCPA and subject to verification and any applicable exception:

  • Know/Access. You have the right to request that we disclose certain information to you about our collection and use of certain personal information about you as described below:
  • the specific pieces of personal information collected;
  • the categories of personal information collected;
  • the categories of sources from whom the personal information is collected;
  • the purpose for collecting the personal information; and
  • the categories of third parties with whom we have shared the personal information.
  • Delete. You have the right to request that we delete the personal information.
  • Opt Out. You have the right to opt out of the sale or sharing of your personal information. We do not sell your personal information or share it, although we may share it with third parties who use it to provide us services and are our service providers.
  • Rectification. You have the right to correct inaccurate information a business has on you.
  • Restriction. You have the right to limit the use and disclosure of sensitive personal information.
  • Freedom from Discrimination. You have the right to be free from unlawful discrimination for exercising any of the rights above.

To request your exercise of the rights described above, please submit a request to us by emailing us at privacy@tobikodata.com. These rights may be subject to exceptions, limitations, interpretations, or modifications by applicable law.

We may need to verify your identity prior to addressing your request, and may ask for additional information and documents. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to personal information collected about you. To designate an authorized agent, the authorized agent must provide sufficient information that allows us to reasonably verify that they have been authorized by you to act on their behalf.

5.3 United States - Virginia

As the controllers of personal information you have provided to us, we provide the following privacy notices specific to Virginia residents only:

  • We may process your personal information in accordance with Section 1 and 2 which may include targeted advertising to personalize your online experience with subjects of interest to you. To opt-out, please contact us using the contact details at the end of this privacy policy;
  • We will implement and maintain reasonable data security practices to protect the confidentiality, integrity, and accessibility of personal data and only hold the data for the specific purpose indicated above and for only as long as necessary to achieve the purpose (purpose limitation and data minimization);
  • You may make a personal data requests of us; and
  • To exercise your consumer rights or appeal a decision with regard to your request, please contact us using the contact details at the end of this privacy policy.

We will need to verify your identity prior to addressing your request, and we may ask for additional information and documents. If we cannot identify you, we may refuse the request.

Virginia residents may have the following personal data rights:

  • Know. You have the right to be informed (right to know) of the processing of personal data;
  • Access. You have the right to access their personal information;
  • Rectify. You have the right to correct inaccurate personal data;
  • Opt-Out. You have the right to opt out of the sale of personal data targeted advertising, or profiling; and
  • Deletion. You have the right to delete personal data.

6. JURISDICTION AND ENFORCEMENT

Tobiko Data complies with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF), and United Kingdom (and Gibraltar) Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework program as set forth by the U.S. Department of Commerce (EU, UK and Swiss collectively, the DPF). Tobiko Data has certified or will shortly certify to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from the European Union and the UK (including Gibraltar) in reliance on the EU-U.S. and UK DPFs. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (collectively, Principles), the applicable Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. The Data Privacy Framework supersedes and replaces the US Privacy Shield.

Pursuant to the DPF, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. You may also request access to that data for the purpose of verifying, updating or correcting inaccurate information. Furthermore, you can request erasure of information handled in violation of the DPF Principles. We will provide an individual opt-in for individuals identifiably from the EU, UK and Switzerland before we share your data with third parties (other than our agents).

Tobiko Data is responsible for the processing of personal data it receives pursuant to the DPF and to the extent it subsequently transfers such data to a third party acting as an agent on its behalf. Tobiko Data complies with the DPF Principles for all onward transfers of personal data from the EU, the United Kingdom, and Switzerland, including applicable onward transfer liability provisions.

With respect to personal data received or transferred pursuant to DPF, Tobiko Data is subject to the regulatory investigative and enforcement powers of the U.S. Federal Trade Commission. In certain situations, Tobiko Data may be required to comply with applicable law in disclosing personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-US, UK and Swiss-Data Privacy Framework Principles, Tobiko Data commits to resolve complaints about your privacy and our collection or use of your personal information. European Union, United Kingdom, or Swiss individuals with DPF inquiries or complaints regarding this privacy policy should first contact Tobiko Data using the contact details at the end of this privacy policy.

We have further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs, a non-profit alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2.

7. COOKIES AND SIMILAR TECHNOLOGIES

We also automatically collect information including personal information and details including your interaction with the website. To do this, we may use cookies, web beacons/clear gifs, and other similar technologies.

We use the following types of cookies:

  • Strictly necessary cookies. These are cookies required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website or make use of e-billing services.
  • Analytical/performance cookies. They allow us to recognise and count visitors moving around our website. This helps us to improve the way our website works, for example, by ensuring that Visitors are finding what they are looking for easily.
  • Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your opt-out or preferred language).
  • Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website, the advertising displayed on it, and the marketing messages we send to you more relevant to your interests. We may also share this information with third parties who provide a service to us for this purpose.
  • Third party cookies. Please be aware that advertisers and other third parties may use their own cookie tags when you click on an advertisement or link on our website. These third parties are responsible for setting out their own cookie and privacy policies.

The cookies we use are designed to help you get the most from the website, such as to distinguish you from other Visitors of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website, but if you do not wish to permit cookies, most browsers allow you to change your cookie settings. Please note that if you choose to refuse cookies you may not be able to use the full functionality of our website. These settings will typically be found in the “Options” or “Preferences” menu of your browser. In order to understand these settings, the following links may be helpful, otherwise you should use the “Help” option in your browser for more details.

If you only want to limit third party advertising cookies, you can turn such cookies off by visiting the following links (please bear in mind that there are many more companies listed on these sites than those that drop cookies via our website):

Your browser settings may also allow you to transmit a “Do Not Track” signal when you visit various websites. Like many websites, our website is not designed to respond to “Do Not Track” signals received from browsers. To learn more about “Do Not Track” signals, you can visit http://www.allaboutdnt.com/.

8. VISITOR GENERATED CONTENT

The Connections may also share, refer to, or host content created and uploaded by visitors to the Tobiko Data Community Slack or the website, which visitors may elect to engage with. Through your participation, you may submit content (“Visitor-Generated Content” or “VGC”). We or others may store, display, reproduce, publish, or otherwise use VGC, and may or may not attribute it to you. Others may also have access to VGC and may have the ability to share it with third parties. If you choose to submit VGC to any Social Feature or public forum such as the website or a conference, your VGC will be considered “public” and will be accessible by anyone, including Tobiko Data.

Please note that we do not control who will have access to information that you make available to others, and cannot ensure that parties who access to such information will keep it secure or respect your privacy. We are not responsible for the privacy or security of any information you make publicly available or what others do with information shared on such platforms. We are not responsible for the accuracy, use or misuse of any VGC that you disclose or receive from third parties through the forums or email lists.

9. SOCIAL FEATURES

The Tobiko Data Community Slack forum permits chats with other data practitioners and lets you ask questions about analytics engineering, and certain features of the website permit you to initiate interactions between the website and third-party services or platforms, such as social networks (“Social Features”). Social Features may include features that allow you to click and access our pages on certain third-party platforms, such as Facebook, LinkedIn, and Twitter, and from there to “Like” or “Share” our content on those platforms. Use of Social Features may entail a third party’s collection and/or use of your information. If you use Social Features or similar third-party services, information you post or otherwise make accessible may be publicly displayed by the third-party service you are using. Both Tobiko Data and the third party may have access to information about you and your use of both the website and the third-party service. For more information on third-party websites, services, and platforms, see Section 10.

Our website may, from time to time, contain links to and from third party websites, including those of other Visitors, our partner networks, advertisers, partner merchants, news publications, retailers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we expressly disclaim any responsibility or liability for their policies. Our inclusion of such links does not, by itself, imply any endorsement of the content on or actions of such platforms or of their owners or operators except as disclosed on the website. Please check the individual policies before you submit any information to those websites. Any information submitted by you directly to these third parties is subject to that third party’s privacy policy.

11. NOTICE TO YOU OF CHANGES TO THIS POLICY

We may update this privacy policy from time to time and so you should review this page periodically. When we change this privacy policy in a material way, we will update the “last modified” date at the end of this privacy policy. Changes to this privacy policy are effective when they are posted on this page, or such later date as may be specified in the updated privacy policy. IF YOU DO NOT AGREE TO ANY UPDATES TO THIS PRIVACY POLICY PLEASE DO NOT ACCESS OR CONTINUE TO USE THE CONNECTIONS.

12. CONTACTING US

Questions, comments and requests regarding this privacy policy are welcome and should be sent to privacy@tobikodata.com. Further information is available from the Tobiko Data Manager, Security Compliance (Tobiko Data data protection and privacy officer) at privacy@tobikodata.com.

Last Revised: This privacy policy was last modified on May 2, 2024.