GovPossible, PBC provides the software solutions directly to our public sector clients (“Clients”) to enable them to serve and perform their own governmental and business functions. As such, most of the Personal Information we collect and store is in connection with the software and services we provide to our Clients pursuant to our contractual arrangements with them. In these cases, GovPossible, PBC is acting as a “data custodian” only.
When GovPossible, PBC makes the Solutions available for use by a Client, we do so under a contractual arrangement with our Client pursuant to which the Client, not GovPossible, PBC, makes the decisions about what Personal Information is collected and how it is processed in the Solutions. Our Clients may electronically submit Personal Information to a Solution, or solicit from you Personal Information within a Solution, for processing and storage purposes (“Client Data”), including, for example, information required to set up admin rights for a Client’s employees, or Personal Information collected from a Client’s constituent who is using the Solution to pay for licensing. In these interactions, the Client’s employees or constituents are “End Users”. We function as a service provider and may store or process Client Data only for the purpose of providing the Solutions, improving the Solutions, preventing or addressing service or technical problems, or as may be required by law. If your Personal Information has been submitted to us by one of our Clients and you wish to exercise any rights you may have to access, rectify, or delete such data, please inquire with the relevant Client directly. Since GovPossible, PBC is the data custodian to our Clients, who are the “data owners”, GovPossible, PBC cannot modify or delete any data owned by our Clients without such Clients specific request and approval.
What Personal Information Do We Collect?
We may collect Personal Information from Users in a variety of ways, including, but not limited to, when Users visit the Site, use a Solution, register an account on any Solution, fill out a form, and in connection with other activities, services, features or resources we make available on our Solutions. Users may register for an account within the Solutions and be asked for Personal Information, as appropriate, including name, email address, physical address, and phone number. Users may, however, visit the Solutions anonymously. Users can always refuse to supply Personal Information, except that it may prevent them from engaging in certain Solution related activities, like registering for or obtaining the full benefit of the services provided by the Solution or receiving subscription emails.
At the request and direction of Clients, GovPossible, PBC may collect the following categories of Personal Information:
- User-provided personal identifying data: Most of the information we collect is information that Users input directly when using a Solution, such as name and contact details (email, phone number, address, social media handle), physical location, and user-provided content, depending on the Solution used and how the User decides to use it.
- User-initiated information: When a User uses text messaging, email or social media to contact or submit notifications to a Client through any Solution, we will collect that User’s phone number, email address, or social media handle, as appropriate.
- Website visitor information: When you visit a Solution or the Site, we may collect information about your visit, depending on the Solution, such as your IP address, cookies, location and the pages you visited and when you use the Solution, we may collect information on how you use the Solution.
- Protected sensitive data: For certain Solutions, Users are asked for certain information used in relation to applying for job positions or board or committee, certain sensitive data may be collected, such as date of birth, gender, ethnicity, political party, education, job history, references, it is the sole discretion of the Client to request or require these fields.
- Business data: For certain Solutions, Users may be asked to provide certain information required by Client to process the User-requested application. For example, as part of a permitting or business license, User may be asked to provide information about the business or business activity, including but not limited to business FEIN, business revenue, project size, or owner information.
- Business work product: For certain Solutions, Users may be asked to provide certain information required by Client to process the User-requested application. For example, as part of a permitting or planning application, User may be asked to provide information total project cost, estimation documentation, subcontractor certifications, and site plans.
- Financial information: If a User decides to purchase a paid service through a Solution, the User provides financial information related to your payment method including credit card number, credit card type, card expiration date, or other financial information. We do not, however, capture, store, or transmit that financial information. That information is provided directly to and stored by the third-party payment processor (the “Payment Processor”) Stripe. The Payment Processor’s applicable Terms of Service and Privacy Statement govern the use and storage of that information.
- Applicant data: Users applying for jobs or elected or appointed seats through a Solution, may be requested to submit prior job information, such as salaries, employment history, education history, address history, employers, social security number, USCIS or alien registration number, passport number, and other application data, as well as driver’s license information, as determined necessary by our Client.
- Employee data: Users whose employers are a Client for human resources services may be requested to submit bank account and routing numbers, dependent’s names and social security number, current job title, and other information an employer may request.
- Physical image: Certain Solutions may include the ability to upload video or image files which may contain visual representations of any Users that have attended public meetings or been in a public space.
- Information related to your mobile device: We may collect and store information related to your mobile device, such as your phone number, location, or device identifier used to deliver push notifications. You will have a choice as to whether we collect and store this information.
With the exception of the Website Visitor Information, the categories of data above are collected only when certain features and uses of the Solution are procured by the GovPossible, PBC Client, and data collected may vary for each User depending on our Client’s use of the Solution. All data fields are voluntary for the User to fill in, unless our Client requires certain data to be input by the User.
How We Collect, Receive, and Retain Personal Information?
We collect most of this Personal Information directly from Users willingly inputting such information, whether by webform, text, email, submission of documentation, or telephone call to our Client. However, we may also collect information from cookies on our Site or Solutions. We may receive Personal Information from third parties that integrate with our Solutions, at the request of our Clients. We will retain Personal Information as requested and required by our Client, with whom you share your Personal Information. We retain Personal Information indefinitely, retention depends on the type of data and the purpose for which we process the data, our Client’s subscription term for the Solution, open records laws, and direction for the retention or deletion of such data. We may retain Personal Information beyond the Client relation if required by law, contract, or if it is in our legitimate business interests and not prohibited by law.
If you have created a user account (“Account”) within a Solution which has been closed, we may take steps to mask Personal Information and other information, but we reserve our ability to retain and access the de-identified data for so long as required to comply with applicable laws.
How We Use Collected Information
We use User information, including Personal Information, for the following business purposes.
To fulfill service obligations for our Clients
We use and process information as needed and requested by our Clients that procure the Solution in order to fulfill our Client’s need; deliver the services requested, including software updates; manage our Client and User relationship; provide our Clients and Users with customer support, and comply with laws or regulations that apply to us and our Clients.
To personalize User experience
We may use information in the aggregate to understand how our Users as a group use the Solution, resources, and services provided on the Solution and the Site. We may use information to perform research and analysis about Users’ use of, or interest in, our Solutions, services, or content.
To improve the Solution and Site experience
We continually strive to improve our Solution and Site offerings based on the information and feedback we receive from Users. We may use information to improve our internal operations, systems, Solutions, and services including benchmarking system performance and developing our products and services.
To improve customer service
User information helps us to more effectively respond to a User’s customer service requests and support needs. We use information to respond to comments and questions and provide customer service, communicate with Users and Clients about products and/or services that may be of interest.
To send periodic emails
The email address Users provide to a site will be used to respond to their inquiries, and/or other requests or questions, or to send service announcements regarding changes, notifications, or marketing information. If User decides to opt-in to our mailing list, on any Solution or the Site, they will receive emails that may include company news, updates, related product or service information, etc. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email or User may contact us via the contact information below.
We only use Personal Information for the purposes and uses described above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original uses and purposes.
How We Share Personal Information?
Except as described here or in any other applicable policy, we do not sell, trade, or rent User’s Personal Information to any third parties. We may share generic aggregated demographic information not linked to any Personal Information regarding visitors and users with our business partners, trusted affiliates, and advertisers for the purposes outlined above.
For our payment processing Solution, we work with a third-party payment processor in order to successfully complete transactions. We do not retain any credit card or other payment-specific data; said data is provided directly to the processor.
We may share your Personal Information or other information about you with other parties to transactions when you use the Solution. In most cases, this is your local municipality with whom you are procuring services and financial institutions (if making a purchase). The information is limited to Personal Information and account information necessary to facilitate the transaction.
We may share information with our agents, vendors, service providers, and subcontractors who perform functions on our behalf, such as our customer relationship management service provider, marketing automation and analytics provider, sales development tools provider, and other similar service providers.
We may also share information with other third parties for our business purposes or as permitted or required by law, including:
- Sending non-personal information to third party analytics service providers for monitoring the health of the Site and Solutions;
- if we need to do so to comply with a law, legal process or regulations;
- to law enforcement authorities or other government officials, or other third parties pursuant to a subpoena, a court order or other legal process or requirement applicable to GovPossible, PBC;
- if we believe, in our sole discretion, that the disclosure of Personal Information is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity;
- to protect the vital interests of a person;
- to investigate violations of or enforce a user agreement or other legal terms applicable to the Solution;
- to protect our property, the Solutions, the Site, and legal rights;
- to facilitate a purchase or sale of all or part of GovPossible, PBC’ business;
- to companies that we plan to merge with or be acquired by; and
- to support our audit, compliance, and corporate governance functions
How Do We Protect Your Personal Information?
We store all our information, including Personal Information, using industry-standard techniques. We use appropriate data collection, storage and processing practices, and security measures to protect against unauthorized access, alteration, disclosure or destruction of your Personal Information, username, password, transaction information, and information stored on the site, if applicable, to your use of the Site and Solution.
Sensitive and private data exchange between the Solution or Site and its Users happens over an SSL secured communication channel and is encrypted and protected with digital signatures.
Privacy of Children
How Do Users Request Access to Review or Change Personal Information?
Users may have certain data privacy rights depending on their state of residence. If you would like to exercise any of your data privacy rights, you will need to send your request directly to the data-owning GovPossible, PBC Client with whom you shared your data. Please note that verification will be required to prove your identity. GovPossible, PBC may not disclose or delete data if an exemption or exception to deletion exists. Please note, GovPossible, PBC is a data custodian to its data owning Clients, the majority of our Clients are government municipalities and may be exempt from certain laws requiring compliance with data subject rights. GovPossible, PBC is required to have Client approval regarding every access, rectifying, disclosing, and deletion request submitted by Users of any Solution.
If you have an Account with any Solution, you can review and edit Personal Information in the Account by logging in and updating the information directly. If you wish to edit Personal Information and are unable to do so in the Account, you may contact us, using the contact information below, and we can help you with this request, verification of identity will be required, and Client approval may be sought in circumstances where the Personal Information is owned by the Client.
For Residents of California, the California Consumer Privacy Act (CCPA) provides privacy protections to California consumers as follows:
GovPossible, PBC does not sell your Personal Information so does not provide an opt-out page. If you are a California resident, you have the rights listed below under data protection law, to access any of the following rights you must submit a request to the data owning Client with whom you submitted your Personal Information. If your request is regarding data that you submitted independent of a specific data owning client, or if the request is with regard to our Site, please submit such a request to privacy@GovPossible, PBC.com.
California residents are limited to two Personal Information requests per year. There is no charge to access your Personal Information; however, if you submit requests that are clearly baseless, repetitive, or excessive, GovPossible, PBC may charge a reasonable fee for such requests; alternatively, GovPossible, PBC reserves the right to refuse to comply with such requests. Upon receiving a valid and verified request for Personal Information, that was submitted by and approved for fulfillment by our Client Data owner, we will respond to such a request within 45 days unless there are any extenuating circumstances, for which we will let our Client know.
Right to know:
You have the right to request data collected about you; and
You have the right to request what data is shared about you
Disclosures provided under CCPA will identify the Personal Information collected in the previous 12 months.
Right to deletion:
You have the right to deletion of information unless an exception applies.
Right to rectify:
You have the right to correct any data collected about you that is inaccurate.
Right to non-discrimination:
You shall not be discriminated against for exercising any of these consumer privacy rights.
Right to use an authorized agent:
You have the right to use an authorized agent to submit a request to know or a request to delete on your behalf. Such use of an authorized agent will require:
Your written permission to allow the authorized agent to exercise your rights
Verification of the agent’s and your own identity
We may deny a request from you or your agent if we cannot verify the identification of the individual making the request
Or, by writing to:
PO Box 12714
Columbia, SC 29211