Privacy Policy

Last updated 1 May 2023

1Introduction

Nimbit Pty Ltd ACN 657 119 009 (Nimbit, our, we or us) offers a variety of tools and resources for organisational change management.

We take our privacy obligations seriously. For the purposes of applicable data protection law, (in particular, the General Data Protection Regulation (EU) 2016/679 (GDPR) and the UK Data Protection Act 2018), your data will be controlled by us.

This Privacy Policy describes how Nimbit processes your information and explains the choices available to you with respect to your information.

If you don't agree to this Privacy Policy, you must refrain from using our products and services.

We may change this Privacy Policy at any time by posting a modified version on our website and we encourage you to check our website regularly to ensure that you are aware of our most current privacy policy.

2Information We Process

Nimbit processes information we receive directly from you, automatically collected when you use our products and services, and collected by Nimbit from third parties. However, please note that this Privacy Policy does not apply to the processing of your information by third parties through your use of any third-party integrations available via our Service. Please visit those third-party websites directly for more information on their privacy and data protection practices.

Information Nimbit Receives Directly From You

Information needed to create an account

This includes information that is needed for Nimbit to create an account for you and manage your ability to log in and out of Nimbit:

• Identifiers, such as first name, last name, email address and organisation time
• Your password for Nimbit (hashed) - unique, long, and strong, please
• Information related to a third-party authentication identity provider, such as Microsoft Authenticator

If you upgrade your account to a paid account, Nimbit may collect:

• Billing information, such as name, address, and telephone number
• Financial information, such as credit card information collected by our payment processors on our behalf
• Information about your chosen Nimbit plan

Information you provide to us through your use of Nimbit

• Information you provide in projects and releases
• Information uploaded to Nimbit, such as attachments
• Any other information you choose to provide while using Nimbit that identifies or can be reasonably associated with you

Other information you may provide to us when you interact with Nimbit in other ways

You may voluntarily provide us with information when you interact with us in other ways. If you directly interact with Nimbit staff, such as our sales, user research, or user operations groups, or if you become a Nimbit Champion, Nimbit may process:

• Your requests, questions, and responses to us via forms or email
• Information you provide in connection with Nimbit sweepstakes, contests, or research studies, if you choose to participate
• Information to verify your identity
• Geographic information, such as region and country
• Social media information
• Your date of birth
• Your audio and video, if you participate in a sales call or user research study and do not opt out of call recording, which also involves the collection of biometric information associated with the call recordings

Information automatically processed when you visit Nimbit

Information related to your use of Nimbit

We may also collect the following:

• Metadata and inference information related to your use of Nimbit, our websites, and third-party integrations to better understand the way you work in Nimbit. We may log the actions you take as you use Nimbit, including but not limited, to the number of Nimbit workspaces you work in, the number of tasks you are assigned, when you delete a task or comment, the features and embedded content you interact with, the types of files you transmit, and what, if any, third-party integrations you use.
• Internet network activity, cookies, and similar tracking technologies, including data our servers automatically record, such as your web request, IP address, browser type and settings, referring/exit pages and URLs, number of clicks, date and time stamp information, language preferences, and other such information. Please visit our Cookies Notice for more information about the types of information we collect via cookies, including information about advertising and analytics, and how we use it. To manage your cookies settings, you can adjust them in our Cookies Preference Centre here: Cookie Preference Centre
• Information collected as a result of participation in beta testing, such as error reports or feedback provided by you
• Information about how you interact with our marketing websites, like nimbit.co, such as where you click, how long you visit a page, your scrolling, mouse hovers, and other data to help us better understand your experience and provide you with the best user experience
• Device information and activity when you use Nimbit via a mobile device, such as the type of device you are using, device IDs, operating system version, and mobile network information to ensure that we are serving you the correct version of our application
• Derived device geolocation information, such as approximate geographic location inferred from an IP address

Information Nimbit Receives from Other Sources

Sometimes Nimbit receives your information from third parties (other individuals, marketing services, third-party integrations), which may include

• Information processed from third-party integrations you set up with Nimbit. For example, a third-party integration may give us access to information stored in that third party that Nimbit will process to facilitate the integration
• Name, email, and business contact information
• Information about you provided to us from other individuals or users of Nimbit

3How We Use Your Information

Nimbit uses your information to operate our products and services, communicate with you, process transactions when you change Nimbit plans, for security and fraud prevention, and to comply with the law. Specifically, we may process your information to:

Provide services to you and operate our business

• Maintain, provide, and improve our products and services
• Help us better understand user interests and needs, and customise Nimbit for you
• Analyse and research how you interact with our website and applications
• Protect Nimbit and you, for example:
• Securing our systems and products against fraud or unauthorised activity
• Identifying, troubleshooting, and fixing bugs and errors
• Complying with global laws and regulations
• Investigate in good faith alleged violations of our Terms of Service
• Comply in good faith with a valid legal subpoena, request, or other lawful process that meets the requirements of law enforcement or that we otherwise determine is necessary to respond to
• If you use Nimbit as part of an organisation, company, or academic institution, Nimbit will process your information as required by our contract with your organisation or academic institution. Those contractual terms may differ from, and, in the event of a conflict, take precedence over, the uses described in this Privacy Policy

In addition, we use information about your use of Nimbit, account information (such as your email address and name), and information related to third-party integrations to:

• Communicate with you:
• About Nimbit by phone, text, email, or chat
• To provide important notices and updates, product changes, and other necessary notices such as security and fraud alerts
• To advertise or market Nimbit services to you. You have the ability to unsubscribe from promotional communications at any time
• Facilitate reporting and analyse performance of the Nimbit platform or features available in Nimbit
• Provide webinars or public presentations
• Demonstrate Nimbit or provide you access to a demo Nimbit instance
• Process your information at your direction
• Provide cross-device management of your account. For example, we may locate or try to locate the same unique users across multiple browsers or devices (such as smartphones or tablets), or work with service providers that do this, in order to save your preferences across devices and analyse usage of our products and services. If you wish to opt out of Google's ability to locate you across devices in this way, you may install the Google Analytics Opt-out Browser Add-on by clicking here.

Provide you with support and get your feedback

• Respond to your requests for information
• Help identify and troubleshoot any issues with your account and answer your questions
• Resolve support requests
• Provide you with reports about usage
• Survey your opinions through surveys, research studies, and questionnaires

Combined information

Unless otherwise prohibited by law, we may combine the information that we collect through your use of our products and services with information that we receive from other sources, both online and offline, and use that combined information as set out above.

Aggregated and de-identified data

We may aggregate and/or de-identify information related to your use of Nimbit (such as how many projects or releases you created) so that such information can no longer be linked to you or your device. We may use such aggregated and de-identified data for any purpose, including but not limited to, research and marketing purposes and may also disclose such data to any third parties, including advertisers, promotional partners, sponsors, event promoters, and/or others.

4How We Disclose Your Information

We need to disclose the information we collect about you to make our products and services run smoothly and to operate our business under the following conditions:

• Service providers and subprocessors. We may provide access or disclose your information to select third parties that use the information on our behalf to assist in providing our products and services. These third parties provide a variety of services to us, including without limitation sales, marketing, provision of content and features, advertising, analytics, research, data storage, security, fraud prevention, and other services.
• Because you ask us to disclose. We may disclose your information to third parties when you ask us to do so. This includes when you connect Nimbit with other tools via our available integrations.
• Consistent with your settings within our products and services. Please note that the information you submit through and post to Nimbit may be viewable by other users in your workspace, team, division, or organisation, depending on the specific settings you have selected and if an organisation has been created for your domain.
• Business transfers. If the ownership of all or substantially all of our business changes, or all or some of our assets are sold as part of a bankruptcy or other proceeding, we may transfer your information to the new owner so that the services can continue to operate. In such a case, your information would remain subject to the promises and commitments contained in this Privacy Policy until the acquiring party updates it. If such transfer is subject to additional mandatory restrictions under applicable laws or agreements, Nimbit will comply with those restrictions.
• Compliance with legal obligations. To comply in good faith with a valid legal subpoena, request, or other lawful process that meets the requirements of law enforcement. We will notify individuals or customers of that request unless: we are prohibited from doing so by law or court order; or there are exceptional circumstances, such as an emergency involving the risk of bodily injury or death to a person or group of people or potential harm to minors.
• Your company's own Nimbit account administrator (if you have one). If you're using Nimbit in connection with an organisation, academic institution, or company domain, your company's own Nimbit account administrator can export data associated with the domain they manage if they have a subscription plan that allows them to do so.
• Public forums. Our public forums, such as the Nimbit community forum, make it possible for you to upload and post comments or feedback publicly with other users. Any information that you submit through such public forums is not confidential and Nimbit may use it for any purpose (including in testimonials or other Nimbit marketing materials). Any information you post openly in these ways will be available to the public at large and potentially accessible through third-party search engines. Such information can be read, collected and/or used by other users and could be used to send you unsolicited messages.

We do not disclose your information to third parties for their own direct marketing purposes.

5Protection, Storage, Transfer & Retention of Your Information

Security

Nimbit takes technical and organisational measures to protect your information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access. However, no method of transmission over the internet and no means of electronic or physical storage is absolutely secure, so we cannot ensure or warrant the security of that information. We are constantly updating and improving our safeguards.

Storage

When you use Nimbit, your information will be stored in Australia, unless alternative storage options have been requested and agreed.

Transfer outside the European Economic Area ('EEA')

To provide our products and services, we may transfer the Personal Data we collect to countries outside of the UK or EEA which do not provide the same level of data protection as the country in which you reside and are not recognised by the European Commission as providing an adequate level of data protection.

When we do this, we will make sure that it is protected to the same extent as in the EEA and UK as we will put in place appropriate safeguards to protect your data, which may include standard contractual clauses.

Data Retentiion

We will retain your information for the period necessary to fulfil the purposes outlined in this Privacy Policy, to make our products and services available to you, or as instructed by you, unless a longer retention period is required or permitted by law.

6Other Important Information

Use by children under 16

If you are under the age of 16, you may not have a Nimbit account or use Nimbit's products or services. We do not knowingly process any information from, or direct any of our products or services to, children under the age of 16.

Marketing practices and choices

If you receive email from us, we may use certain analytics tools, such as clear GIFs, to capture data, such as when you open our message or click on any links or banners within our emails. This data allows us to gauge the effectiveness of our communications and marketing campaigns.

You may instruct us not to use your contact information to contact you by email, postal mail, or phone regarding products, services, promotions, and special events that might appeal to your interests by informing us. In commercial email messages, you can also opt out by following the instructions located at the bottom of such emails.

Please note that, regardless of your request, we may still use and disclose certain information as permitted by this Privacy Policy or as required by applicable law. For example, you may not opt out of certain transactional, operational, or service-related emails, such as those reflecting our relationship or transactions with you.

7Your Privacy Rights

Nimbit users from around the world use our products and services to manage organisational change. Regardless of what country you're located in, we respect your ability to know, access, correct, export, restrict the processing of, and delete your information, and have extended those rights globally. We will not discriminate against you for exercising your privacy rights.

Information about your rights

Upon your request, and subject to applicable legal exceptions, we will:

• provide access to and/or a copy of certain information we hold about you
• provide you with information about categories of information we collect or disclose about you, the categories of sources of such information, the business or commercial purpose for collecting your information, and the categories of third parties to which we disclose your information
• prevent the processing of your information for promotional purposes (including any direct marketing processing based on profiling)
• update information which is out of date or incorrect
• delete certain information which we have about you
• restrict the way that we process and disclose some of your information
• transfer your information to a third party provider of services
• revoke your consent for the processing of your information

If you request these rights, we will need to verify your identity and may need to verify your relationship with Nimbit (for example, if you're an administrator of an Nimbit organisation, division, or workspace and you're making a request on behalf of another individual) for security and to prevent fraud.

We may take additional steps to verify that you are authorised to make the request. If you are an end user of Nimbit's services and not a direct customer of Nimbit (for example, your company uses Nimbit and you're an employee or authorised representative of that company), you should direct requests relating to your information to the administrator of your company's Nimbit account. We will redirect you to your administrator or notify the administrator directly.

Please note, however, that certain information may be exempt from such requests in some circumstances (for example, if we need to keep processing your information for our legitimate interests or to comply with a legal obligation). Depending on applicable law, you may have the right to appeal our decision to deny your request.

8Contact Us

If you have any questions about this Privacy Policy, or to exercise your privacy rights, please contact us at contact@nimbit.co