Last Updated October 7, 2020
RUBY RECEPTIONISTS, INC.
Scope. This Privacy Notice describes how we treat information collected through our Services, which includes (i) our virtual reception services and other interactions by phone, text, and other means, (ii) our Site, (iii) the Software, and (iv) our digital properties, applications, social network and other channels hosted on third party websites or platforms. We collect information when you visit the Site, sign up or use the Services as our Customer, interact with us as Caller, or when you communicate with us directly through any of our Services or submit information to us via a third party.
This Privacy Notice applies to all our data collection activities, both offline and online, wherever it is posted. Note that this Privacy Notice DOES NOT apply to information collected via a website or platform not owned or controlled by Ruby, such as our Customers’ websites. Your use of a Customer’s website is governed by the Customer’s privacy notice, and Ruby has no control over their privacy practices.
What Is Personal Information?
As used in this Privacy Notice, “Personal Information” means information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual consumer or device, such as:
- Identifiers (e.g., name, address, telephone number, email address, username);
- Sensitive Personal Information (e.g. state identification number, financial information);
- Protected classification information (e.g. race, citizenship, marital status, medical condition, sex, sexual orientation, veteran or military status);
- Biometric information (e.g. voice, keystrokes, behavioral or biological characteristics);
- Internet or other similar activity (e.g. geolocation, browsing history);
- Employment-related information (e.g. current or past employment);
- Non-public educational information, including information protected under the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99);and
- Commercial information (e.g. products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies).
Personal Information does not include (i) publicly available information (ii) aggregate information, meaning data about a group or category of services or users from which individual identities and other Personal Information has been removed; or (iii) deidentified information that cannot be easily linked back to the individual.
How does Ruby collect and use my Personal Information?
Ruby only collects your Personal Information (i) when applicable, with your consent, (ii) in our role as a service provider, (iii) if we have a legitimate interest in doing so, or (iv) as authorized or required by law. The types of Personal Information we collect about you and the manner of collection depends on how you interact with us. We only collect Personal Information as reasonable and necessary.
Categories. During the preceding 12 months, we have collected these categories of Personal Information:
- Sensitive personal information
- Internet or other similar activity
- Employment-related information
- Commercial information
Sources. We collect Personal Information from these sources:
- Directly from you when you communicate with Ruby, with your consent. We collect your name, email address and other contact information if you request information about our Services or one of our eBooks or other resources we offer through an online form, email, the Site’s chat feature, or by phone. If you sign up for our Services, we also collect information about your company and your payment information. We may also create and store transcripts of our chat exchanges. If you complete a survey, we will collect your responses. We collect this information with your consent, and we use it for the purposes stated at the time of collection, to provide you with our Services, and to communicate with you or send you direct marketing communications.
- Directly from you as a Customer when you use our Services. If you are a Customer, we will collect information you choose to submit to us via the mobile application or customer portal or dashboard, such as information related to your account and communications you submit related to your subscription or our Services. If you choose to sync your contact lists and calendars with our mobile application, we will collect this information to improve the quality of our Services. For example, if caller ID indicates to one of our receptionists that you know the caller, we may answer in a more familiar tone or change the questions that we ask before transferring the incoming call to you. We may also request various permissions from your device to access your microphone, phone, and storage when you use the mobile application. We collect this information with your consent, and we use it to provide and improve our Services.
- Directly from you by phone, with your consent. If you participate in a phone call with a member of Ruby’s sales team, we may record the call. We engage in call recording for quality monitoring, training, to improve our Services, and for other internal business purposes. You will be notified if your call is being recorded. By staying on the line after receiving the notification, you consent to the call recording. If you do not consent to call recording, you may end the call or ask to not be recorded.
- From Callers, in our capacity as a service provider. As a service provider to our Customers, our receptionists may collect Personal Information from Callers on behalf of Customers via our virtual receptionist, virtual receptionist chat or other Services. We may collect Caller contact information and other Personal Information the Caller might choose to provide to us. For Customers using our chat Services, we may maintain transcripts of chats, emails, and other written communications conducted between those Customers and their Callers. When acting as a service provider, we only collect and use a Caller’s Personal Information at the direction of a Customer as governed by the Customer’s privacy notice, and we only use and share information we collect from Callers as permitted by our agreements with Customers or as permitted by law.
- From your employer, if your employer is a Customer and chooses to include you in its list of potential call recipients or gives you access to our mobile application, customer portal or dashboard, or other of our Services. Your employer may provide us with your name, phone number, job title and related information for these purposes. We collect and use this information in order to fulfill our contractual obligations to your employer.
- From Customers, in our capacity as a service provider. Customers that collect technical information about their Callers’ online activities may share that information with us. We may combine this information with other data to gather feedback about the Software and to run reports on behalf of our Customers. We only use information Customers provide to us in our capacity as a service provider as permitted by our agreements with Customers or as permitted by law. Note that Customers may use this information to provide their Callers with interest-based (behavioral) advertising or other targeted content. Ruby is not responsible for the privacy practices of any of our Customers or any third party. If you have any questions about a third-party advertisement or targeted content, you should contact the third party directly.
- From third parties, with a legitimate interest. Professional associations, advertisers, analytics companies, and other third parties may provide us with your contact information or Personal Information related to your internet or similar activities across different websites, apps and other online services. Ruby also has contractual relationships with certain unaffiliated websites, including TrustPilot, that allow us to share on our Site reviews and other content that you post publicly to those unaffiliated websites. If you post public reviews or comments about Ruby on other websites, we may share your review or comment and username on the Site. Ruby cannot control and will not be held liable the way other individuals or businesses may use the content you post publicly on any website. We may also obtain commercially available information related to Callers from a third-party data source on behalf of our Customers. We collect, use and maintain copies of this information for our sales and marketing purposes and in accordance with applicable law. If you have any questions about a third-party advertisement or other targeted content, please contact the third party directly.
Other Uses. In addition to the specific uses above, we might use also your Personal Information to:
- Monitor your compliance with any of your agreements with us and maintain accurate records.
- Protect your privacy and enforce this Privacy Notice.
- If we believe it is necessary, to identify, contact or bring legal action against persons or entities who may be causing injury to you, to Ruby, or to others.
- Comply with a law, regulation, legal process or court order.
- Fulfill any other purpose to which you consent.
Children Under the Age of 16. The Site, Software and our other Services are designed for visitors and users age 16 and older. We do not knowingly collect Personal Information from children under 16 without verification of parent or guardian consent. If we discover that a child under 16 has provided us with Personal Information without parent or guardian consent, we will delete such information from our systems. If you believe we might have any information collected online from a child under 16, or if you become aware of any unauthorized submission of information to Ruby, please contact us at email@example.com or 866-611-7829.
How does Ruby share my Personal Information?
Categories. In the preceding 12 months, Ruby has disclosed the following categories of Personal Information for a business purpose:
- Sensitive personal information
- Internet or other similar activity
- Employment-related information
- Commercial information
Recipients. Ruby may disclose Personal Information for a business purpose to the following recipients:
- Professional Associations. If you are a member of a professional association with which we have a referral or affinity agreement and you sign up to be a Customer, we may pay a referral fee to your professional association and, if requested by the association, provide the names and contact information of the association’s members who signed up for our Services, and the type or amount of Services used by a given association member. We will not share additional Personal Information about your use of the Services with your professional association.
- Service Providers. Vendors that provide us with services (collectively, “Service Providers”) may have access to your Personal Information in order to perform their contractual obligations. Our Service Providers include but are not limited to marketing companies, IT service providers, billing processors, and email and data hosting providers. We prohibit our Service Providers from selling or disclosing the Personal Information we provide, and we require all Service Providers to maintain confidentiality standards that are commercially reasonable to ensure the security of your Personal Information. The type of information that we provide to a Service Provider will depend on the service that they provide to us. To learn more about our Service Providers, read our Data Processing Agreement.
- Advertisers. We disclose information to Service Providers that are network advertisers, sponsors, and/or traffic measurement services (collectively, “Advertisers”) to enable those Advertisers to serve targeted advertisements to you on other websites or other media (e.g., social networking platforms). We allow some Advertisers to assist us with behavioral advertising by collecting and analyzing certain information when you visit our Site or use other Services (e.g., click stream information, browser type, time and date, subject clicked or scrolled over). Advertisers typically use a cookie or other technologies to personalize advertising content and measure the effectiveness of their ads, as described in our Cookie Notice.
- Affiliates. We disclose the information we collect from you to our affiliates or subsidiaries. If we do disclose your Personal Information to our affiliates or subsidiaries, their use and disclosure of your Personal Information will be subject to this Privacy Notice.
- Law enforcement, and other governmental agencies, as permitted or required by law.
- Cookie information recipients, subject to their respective privacy notices.
- Other Third Parties, as permitted by applicable law, for example: if we go through a business transition (e.g., merger, acquisition, or sale of a portion of our assets); to comply with a legal requirement or a court order; when we believe it is appropriate in order to take action regarding illegal activities or prevent fraud or harm to any person; to exercise or defend our legal claims; or for any other reason with your consent.
Aggregated and Deidentified Information. We reserve the right to share aggregated, anonymized, or deidentified information about any individuals with nonaffiliated entities for marketing, advertising, research or other purposes, without restriction.
What choices do I have regarding my Personal Information?
Ruby provides you the ability to exercise certain controls and choices regarding our collection, use and sharing of your Personal Information. Depending on where you reside, your options to control your Personal Information may include some or all of the following:
- Changing your subscription to the Services.
- Changing your preferences for how and about what we communicate with you.
- Correcting, updating, and deleting the Personal Information in your account. Please note that certain legal obligations may limit or prevent our ability to fulfill these requests, and that copies of information that you have updated, modified or deleted may remain viewable in cached and archived pages of the Site or Software for a period of time.
- Requesting access to the Personal Information we hold about you.
- Choosing whether to receive marketing communications from us, including promotions, surveys, and information about products and services that may be of interest to you.
- Controlling how the cookies we use interact with your browser.
At any time, you may exercise any of these controls and choices, express concerns, lodge a complaint, or obtain additional information about the use of your Personal Information by contacting us via the customer dashboard or by email at firstname.lastname@example.org. Read more about privacy rights available to residents of California, the European Union and Canada.
Do Not Sell My Personal Information. Ruby does not share your Personal Information in direct exchange for money, so we don’t sell your Personal Information in the literal sense. Like most companies, we share data with our service providers and other companies in order to help us generally enhance your experience with our Site and Services and, in some cases, deliver more meaningful ads to you. The law defines “sell” very broadly and, in some cases, sharing data for these purposes may be viewed as a “sale” under applicable privacy laws. You can opt out of these “sales” of your Personal Information by following this Do Not Sell My Personal Information link.
Do Not Track. Do Not Track signals are signals sent through a browser informing us that you do not want to be tracked. Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed below.
California Privacy Rights
This section provides residents of the State of California (“California Consumers”) with the disclosures and notices required under the California Consumer Privacy Act of 2018 (“CCPA”). The following paragraphs apply solely to California Consumers and describe the specific rights afforded under the CCPA.
Employee Data Exception. In many cases, the Personal Information we collect about you is in a business-to-business context when you are acting as an employee to a Customer or potential in the performance of your job duties. Please note that Personal Information collected and used in this context is not protected Personal Information under the CCPA.
Without limiting the foregoing, California Consumers may exercise the following rights over their Personal Information, subject to our receipt of a verifiable Consumer Privacy Request, as well as any exceptions and limitations that may apply.
- Right to Disclosure.You have the right to request that we disclose information to you about our collection and use of your Personal Information over the past 12 months, such as (i) the categories of Personal Information we have collected about you; (ii) the categories of sources for the Personal Information we have collected about you; (iii) our business purpose for collecting or selling that Personal Information; (iv) the categories of third parties with whom we share that Personal Information; and (v) if we sold or disclosed your Personal Information for a business purpose, two separate lists stating (a) sales, identifying the Personal Information categories that each category of recipient purchased; and (b) disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained. Ruby is only required to respond to two disclosure requests within a 12-month period.
- Right to Access. You have the right to request that we provide you with access to specific pieces of Personal Information we have collected about you over the past 12 months (also called a data portability request). If you submit a right to access request, we will provide you with copies of the requested pieces of Personal Information in a portable and readily usable format. Please note that Ruby is prohibited by law from disclosing copies of certain pieces of Personal Information (e.g., government identification numbers, financial account information, and passwords or security questions and answers) because the disclosure would create a substantial, articulable, and unreasonable risk to the security of the information, our business systems, or your account. Ruby is only required by law to respond to two access requests within a 12-month period.
- Right to Deletion. You have the right to request that we delete any of your Personal Information that we collected from you and retained, with certain exceptions. Ruby may permanently delete, deidentify, or aggregate the Personal Information in response to a request for deletion. If you submit a right to deletion request, we will confirm the Personal Information to be deleted prior to its deletion, and we will notify you when your request is complete.
- Right to Nondiscrimination. We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by law, we will not (i) deny you goods or services, (ii) charge you different prices or rates for goods or services, (iii) provide you a different level or quality of goods or services, or (iv) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services, because you exercised a right under the CCPA.
- Right to Disclosure of Marketing Information. California’s Shine the Light Act (Civil Code sections 1798.83-1798.84) entitles California residents to request certain disclosures regarding Personal Information sharing with affiliates and/or third parties for marketing purposes.
We endeavor to respond to a verifiable Consumer Privacy Request from a California Consumer within 45 days of receipt. If we require more time, we will notify you in writing of the reason and extension period. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding receipt of the verifiable consumer request. If we cannot comply with part or all of your request, we will explain the reasons in our response.
European Union Privacy Rights
We adopted this section to comply with the European Union’s General Data Protection Regulations (“GDPR”). This section applies solely to residents of the European Union (“EU Residents”). Ruby provides the Services to individuals located in the EU in our capacity as a data processor to our Customers. However, if an EU resident interacts with Ruby as a Customer or potential Customer, Ruby collects and processes their Personal Information as a data controller. If you are an EU Resident, you have the following rights in relation to the Personal Information we hold about you:
- Right to know how we process your Personal Information. We have set the required notices in this Privacy Notice. We may provide you with additional notices about other ways we process your Personal Data, such as by sending you a notice via email or by other means of communication.
- Right to access your Personal Information. You can request to access your Personal Information. Upon request, we will provide you with a copy of your Personal Information, along with details about the types of Personal Information we process, why we process it, and any third parties we work with to collect Personal Information on our behalf. We may have one or more legally valid reasons to refuse your request in whole or in part, for example in order to protect the rights of other individuals.
- Right to restrict processing of your Personal Information. You can request that we restrict the processing of your Personal Information if (i) the data is inaccurate, (ii) the processing is unlawful, (iii) we no longer need the Personal Information, or (iv) you exercise your right to object.
- Right to rectify your Personal Information. If you become aware that the Personal Information that we hold about you is incorrect, or if your situation changes (e.g., you change address), please inform us and we will update our records.
- Right to data portability. In some circumstances, we are required to provide your Personal Information to another organization at your request and in a structured, commonly used machine-readable format, so that the other organization can read and use it.
- Right to erasure (a.k.a. the “right to be forgotten”). Upon your request, and in certain circumstances and where we are required to do so by law, we are required to delete your Personal Information. This right is not absolute, and we may be entitled to retain and process your Personal Information despite your request. If you make this request, we balance certain legal, contractual and business interests against your right to request the deletion of your Personal Information.
- Right to object to certain processing of your Personal Information. Upon your request, and in certain circumstances and where we are required to do so by law, we will limit our processing of your Personal Information as you request.
- Right to not be subject to Automated Decision-Making (“ADM”). Ruby offers a chatbot Service that integrates with Customer websites and apps to generate leads from consumer inquiries, schedule and book appointments, and collect payments. The chatbot uses ADM to generate a response to your chat communications. The exact logic of the ADM may change based on the machine learning model employed. We use ADM in this manner based on our legitimate interest to provide our Customers with their subscribed-to Services. The chat bot Service only collects the minimum amount of Personal Information needed for this feature to function. You always have the option to communicate with a Customer by phone or email if you wish to avoid your Personal Information being processed using ADM. You may exercise your privacy rights over Personal Information processed using ADM, and you have the right to object to a decision made using ADM if the decision would produce legal effects or significantly affects you in another way.
EU Residents may exercise these rights over their Personal Information, subject to our receipt of a verifiable Consumer Privacy Request, as well as any exceptions and limitations that may apply.
Canadian Privacy Rights
We adopted this section to provide supplemental information in compliance with Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”). This section applies solely to residents of Canada where PIPEDA applies (“Canadian Consumers”). PIPEDA gives Canadian Consumers specific rights regarding Personal Information offering details on an identifiable person without the inclusion of name, title, telephone number and business address of an employee of a business or organization. The following paragraphs describe PIPEDA rights and explain how to exercise those rights.
- Right to know why we collect, use and distribute the Personal Information we process. We have set the required notices in this Privacy Notice. We may provide you with additional notices about other ways we process your Personal Data, such as by sending you a notice via email or by other means of communication.
- Right to expect us to collect, use or disclose Personal Information responsibly and not for any other purpose other than which you consented. We set your expectations in this Privacy Notice, and collect express or implied consent at various stages of collection or processing. If we collect or use your Personal Information based on your consent, we will also notify you of any changes and will request your further consent as needed. You may withdraw your consent at any time with reasonable notice by contacting us at email@example.com.
- Right to accuracy of your Personal Information. We take steps to reasonably ensure that your Personal Information we are using is accurate. In most cases, we rely on you to ensure that your information is current, complete and accurate. We provide methods for you to correct, update, and delete inaccurate Personal Information in your account, and we will provide you with reasonable assistance to ensure that your Personal Information is accurate in our systems and with our service providers.
- Right to access your Personal Information. Upon written request and identity authentication, we will provide you with your Personal Information under our control, information about the ways in which that information is being used and a description of the individuals and organizations to whom that information has been disclosed. We will make the information available within 30 days or provide written notice where additional time is required to fulfil the request. If limited by law or potential infringement on another’s privacy rights, we may not be able to provide access to some or all of the Personal Information you request. If we must refuse an access request, we will notify you in writing, document the reasons for refusal and outline further steps that are available to you.
Canadian Consumers may exercise the above rights over their Personal Information, subject to our receipt of a verifiable Consumer Privacy Request, as well as any exceptions and limitations that may apply.
Consumer Privacy Requests
Through the Services, Ruby provides methods for you to directly access, edit, delete or export certain Personal Information Ruby processes in your use of the Services. If you wish to exercise your rights under applicable privacy laws beyond these methods, please submit a verifiable Consumer Privacy Request:
Ruby may only legally fulfill a Consumer Privacy Request when we have sufficient information to verify that the requester is the person or an authorized representative of the person about whom we have collected Personal Information, and to properly understand, evaluate, and respond to the request. Note that if we process your Personal Information in our capacity as a service provider or data processor to a Customer, we may be required to instruct you to submit your request to that Customer.
We do not charge a fee to process or respond to a verifiable request unless we have legal grounds to do so, such as requests that are excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
How Does Ruby Keep My Personal Information Secure?
Data Security. We implement technical, organizational and physical measures in place to help protect your information from unauthorized access, processing or disclosure. We maintain internal policies to govern the collection, processing, access, and handling of data. We use technical safeguards to protect information online and stored on our systems. Please note, however, that no transmission of data over the Internet or mobile platforms is 100% secure, and we cannot guarantee that unauthorized third parties will not defeat our security measures or use your Personal Information for improper purposes.
Your Account. When you sign up or create an account with us, you will have a login and password. We encourage you to take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your login and password private. If you sign up for receptionist services, we will issue a call forwarding number to you. It is your choice as a Customer whether to share your call forwarding number with others. We are not responsible for any lost, stolen, or compromised passwords or call forwarding numbers, or for any activity on your account via unauthorized activity.
Consent to Transfer Personal Information from Outside the United States. Ruby is owned and operated in the United States. If you visit the Site or use our Services from outside of the United States, Personal Information we collect about you will be transferred to our servers in the United States and maintained there indefinitely. This may require the transfer of your Personal Information out of your country of origin with laws governing data collection and use that may differ from or be more restrictive than U.S. law, or may result in governments, courts, law enforcement or regulatory agencies having access to or obtaining disclosure of your Personal Information pursuant to the laws of the applicable foreign jurisdiction. By allowing us to collect Personal Information about you, you consent to the transfer and processing of your Personal Information as described in this paragraph.
Third Party Websites. This Privacy Notice applies only to information collected by Ruby. We may provide links to third-party websites from our Services for the convenience of our visitors and Customers, but we have no ability to control, and we are not responsible for, the privacy and data collection, use, and disclosure practices of third-party websites, including Customer websites. Any access to and use of linked websites is not governed by this Privacy Notice, but instead is governed by the privacy policies of those websites. We are not responsible for the information practices of such websites. We encourage you to review and understand the privacy notices of such websites before providing them with any information.
Changes to this Privacy Notice
If we make material changes to how we treat your Personal Information, we will post the revised Privacy Notice on this page. Your continued use of the Services after we make changes is deemed to be your acceptance of those changes. The date that this Privacy Notice was last revised is identified at the top of the page. You are responsible for periodically visiting this Privacy Notice to check for any changes.
If you have questions about our privacy practices or would like to make a complaint, please contact us at firstname.lastname@example.org or 866-611-7829.