Redfish Labs, Inc. dba Torch Leadership Labs

Redfish Labs, Inc. dba Everwise

Privacy Policy

Last Reviewed on September 4, 2023
Welcome to Torch! The privacy and security of your personal information is important to us. If you have any questions at all about this Privacy Policy, please do not hesitate to contact us at privacy@torch.io.

TABLE OF CONTENTS

  • Applicability of this Privacy Policy
  • What Information Do We Collect?
  • How Do We Use the Information We Collect?
  • Do We Share Your Personal Information?
  • Cookie Policy – What are Tracking Technologies, such as Cookies and Web Beacons, and How Do We Use Them?
  • How Do We Secure Your Personal Information?
  • Your Choices Regarding Information
  • Links to Third-Party Websites
  • How We Respond to Do Not Track signals
  • Children Under 16
  • DMCA Notice
  • Your California Privacy Rights
  • Users Outside of the United States
  • Contact Us

 Applicability of this Privacy Policy

This Privacy Policy (“Privacy Policy“) applies to the Torch software and software-as-a-services platform, our website, and any related mobile applications and other websites or services provided by Torch (collectively, the “Services“) and explains how Redfish Labs, Inc. dba Torch Leadership Labs (“Torch,” “we,” “us,” or “our“) collects, uses, shares and otherwise processes information relating to natural persons (“Personal Information“). All capitalized terms not herein defined have the meanings ascribed to such capitalized terms in the Torch Master Services Agreement (the “Agreement“), which is hereby incorporated by reference. This Privacy Policy applies to any individual employee of our Corporate Customers and any other user of, or visitor to, the Services (“Client” or “you”). Torch processes Personal Information in the role of a processor where your Personal Information was submitted to us by one of our Corporate Customers. If you wish to exercise any of your rights with respect to your Personal Information for which we are a processor, please contact your employer (the Corporate Customer) directly.

We may update this Privacy Policy from time to time to reflect changes in our privacy practices. If we do, we will notify you of any changes by posting a notice on the Services. Changes that materially affect your rights or our obligations will go into effect thirty (30) days following such notification, at which point we will update the “Last Updated” date at the top of the page. Non-material changes or clarifications will take effect immediately. We encourage you to periodically check the Services and this page for updates.

You acknowledge that your use of the Services indicates to us that you have read this Privacy Policy and consent to the privacy practices described, and your continued use of our Services after we publish or send a notice about any changes to this Privacy Policy indicates that you have read and consent to the updated Privacy Policy.

Data Privacy Framework Program for EU, UK and Swiss Individuals

Redfish Labs, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Redfish Labs, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Redfish Labs, Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Pursuant to the Data Privacy Framework Principles, EU, UK and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct or amend incomplete or incorrect information, or delete the personal information that has been processed in violation of the principles. An individual who seeks access, or who seeks to correct, amend, or delete data transferred to the United States under DPF, should direct their query to privacy@torch.io.

As mentioned further in this policy, we do not rent, sell, or permit personal data to be used for reasons other than those for which it was originally provided.  If this practice should change in the future, we will update this policy accordingly and l provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@torch.io.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Torch’s accountability for personal data that it receives in the United States under the DPF Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, Torch remains responsible and liable under the Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Torch proves that it is not responsible for the event giving rise to the damage.

In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), Redfish Labs, Inc. commits to resolve complaints about our collection or use of your personal information transferred to the U.S. pursuant to the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. EU, UK, and Swiss individuals with inquiries or complaints should first contact privacy@torch.io.

Redfish Labs, Inc. has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

Torch commits to cooperate with EU data protection authorities (DPAs), the United Kingdom Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU, the UK and Switzerland in the context of the employment relationship.  EU, UK or Swiss individuals with HR complaints should not refer anything to BBB National Programs.

EU, UK or Swiss individuals wishing to contact their Data Protection office may find more information at the following links:
EU DPA’s:  https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
UK ICO:  https://ico.org.uk/make-a-complaint/uk-extension-to-the-eu-us-data-privacy-framework-complaints-tool/
Swiss FDPIC:  https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection—switzerland.html

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf

The Federal Trade Commission has jurisdiction with enforcement authority over Torch’s compliance with the Data Privacy Framework Principles.

What Information Do We Collect?

We collect information, including Personal Information, only where we have a lawful basis. Lawful bases on which we rely include your consent where you have given it, contract where processing is necessary for us to perform our obligations pursuant to a contract with you, and legitimate interests of our business such as operating and providing the Services to you.
We collect, store, and use information we get from your use of the Services, including the following categories of information (which, for clarity, include Personal Information):

  • Your profile information, which includes first name, last name, email address, phone number, your role at the Corporate Customer, and any other information you share when you create an account with us or otherwise access the Services.
  • Other Personal Information you voluntarily submit to the Services as part of your use thereof, which may include your date of birth, your profile picture, etc.
  • Other details about you that you voluntarily submit to Corporate Customers as part of your use of the Services.
  • Your responses to surveys that we may ask you to complete for research purposes or to help direct Torch activities.
    Details of how you use the Services.
  • Your internet protocol address (i.e., IP address) and, if you access the Services from a mobile application, mobile device identifiers and non-email authentication.
  • Browser and device information and information collected through Tracking Technologies (defined below), such as cookies, pixel tags, and other technologies.

How Do We Use The Information We Collect?

We use the information we collect for a variety of purposes, including to improve the Services, optimize our technology, and refine and customize our offerings and user experience.
In particular, we use the information we collect to:

  • Administer and provide the Services, enable you to use its features, and improve the overall user experience.
  • Communicate with you through email, text, SMS, message via social media platforms, telephone, or any other medium for which we have contact information so that we can provide you with information and updates about the Services.
  • Respond to comments and questions and provide technical support and customer support.
  • Analyze how you and other Clients use the Services using tools like Google Analytics, Hubspot and other tools to help us understand traffic patterns and know if there are problems with the Services.
  • Protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.
  • Link or combine user information with other Personal Information.
  • Compare information for accuracy, update our records, and verify it with third parties.

 

Do We Share Your Personal Information?

We do not rent, sell, or share your Personal Information with other people or non-affiliated third parties except with your consent or as necessary to complete any transaction or provide the Services or any specific service you have requested or authorized. We currently do not share personal data with third parties for their direct marketing purposes without your consent.
To help us do our work, we may provide limited access to some of your Personal Information to the following third parties:

  • Collaborating Organizations: Sometimes we collaborate closely with other groups to further our mission. In these cases, we may share your name, contact information and other details you provided when making an account with our partners.
  • Service Providers: We work with a wide range of third-party providers, notably our database administrators, cloud computing services, advertising services, data analysts, application service providers, bulk SMS services, and other non-governmental organizations. We do not authorize them to use or disclose your Personal Information except in connection with providing their services.
  • Payment processors:  We work with payment processors such as Stripe to help process credit card transactions and other payment methods made through the Services. These payment processors will store certain information about you. Please refer to their privacy policies to learn more about how they use your Personal Information.

We may also transfer your Personal Information to a third party as a result of a merger, acquisition, reorganization or similar transaction; when required by law or to respond to legal process; to protect our customers; to protect lives; to maintain the security of the Services; and to protect Torch’s rights or property. In such event, and to the extent legally permitted, we will notify you and, if there are material changes in relation to the processing of your Personal Information, give you an opportunity to consent to such changes.

We will also share Personal Information with companies, organizations or individuals outside of Torch if we have a good-faith belief that access, use, preservation, or disclosure of your Personal Information is reasonably necessary to (1) detect or protect against fraud or security issues, to enforce the Agreement, (2) meet any enforceable government request, (3) defend against legal claims, or protect against harm our legal rights or safety, or that of our staff and/or users.

Cookie Policy – What are Tracking Technologies, such as Cookies and Web Beacons, and How Do We Use Them?

We, or third parties we do business with, may use certain technologies to automatically collect log files and other information about your usage of, and the devices you use to access, the Services (“Tracking Technologies”). For example, we may use Tracking Technologies like cookies, log files, web beacons, session replay scripts, or similar technologies to help us analyze our web page flow, customize our services, content and advertising, measure promotional effectiveness and promote trust and safety. You may delete and block all cookies from the Services, but parts of the Services will not work. We want to be open about our cookie use.

Even if you are only browsing the Services, certain information (including computer and connection information, browser type and version, operating system and platform details, and the time of accessing the Services) is automatically collected about you. This information will be collected every time you access the Services and it will be used for the purposes outlined in this Privacy Policy.

You can reduce the information cookies collected from your device.  An easy way of doing this is often to change the settings in your browser. If you do that you should know that (a) your use of the Services may be adversely affected (and possibly entirely prevented), (b) your experience of this and other sites that use cookies to enhance or personalize your experience may be adversely affected, and (c) you may not be presented with advertising that reflects the way that you use our and other sites. You find out how to make these changes to your browser at this site: www.allaboutcookies.org/manage-cookies/.  Unless you have adjusted your browser settings so that it will refuse cookies, our system will send cookies as soon as you access the Services.  By using the Services you consent to this, unless you change your browser settings.

Web beacons may be used to track the traffic patterns of users from one page to another in order to maximize web traffic flow. Our third-party advertising service providers may also use web beacons to recognize you when you access the Services and to help determine how you found the Services. If you would like more information about this and to know your choices about not having this information used by these companies, please visit: the Digital Advertising Alliance’s website, http://www.aboutads.info/, or the Network Advertising Initiative’s website, http://networkadvertising.org/consumer/opt_out.asp.

How Do We Secure Your Personal Information?

We take reasonable steps to protect your Personal Information against unauthorized access, alteration, disclosure, misuse, or destruction. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.  The safety and security of your Personal Information also depends on you. If you create an account with us, you are solely responsible for keeping your account details confidential, including any access credentials like passwords or mobile device PINs.

Your Rights Regarding Your Personal Information

You have certain rights with respect to the storage, use, and sharing of Personal Information that is submitted to us, which are listed below. If you wish to exercise any of your rights with respect to your Personal Information, please contact your employer (the Corporate Customer) directly. If you contact us, we will use commercially reasonable efforts to work with the applicable Corporate Customer to respond to your request.

If your employer has entered into an agreement with Torch pursuant to which an alternative privacy policy applies to your personal information, then such alternative privacy policy terms will apply to our use of your personal information in lieu of this Privacy Policy. Please contact your employer for additional information regarding this.

  • Changing, Correcting, or Deleting Your Personal Information. All users may review, update, correct or delete the Personal Information furnished by a user, and/or other content uploaded by the user, to a Corporate Customer.
  • Downloading or Accessing Your Personal Information. You may obtain a copy of your Personal Information, as well as information about its processing.
  • Withdrawing Consent (Opting Out). Where processing Personal Information is based on your consent, you have a right to withdraw consent at any time for future processing.
  • Lodging Complaints. You have a right to lodge a complaint with a data protection authority.

Links to Third-Party Websites

We may provide links to other websites through our Services. We have no control over these websites and they are subject to their own terms of use and privacy policies. As such, we do not endorse and are not responsible for the availability of, or for any content, advertising, products, or other materials on or available from, these third-party websites.

By using the Services, you agree that we will not be liable for any damage or loss caused by your use of or reliance on any content, advertising, products, or other materials on or available from these third-party websites.

How We Respond to Do Not Track Signals

Your browser settings may allow you to automatically transmit a Do Not Track signal to websites and other online services you visit. We do not alter our practices when we receive a Do Not Track signal from a visitor’s browser because we do not track our visitors to provide targeted advertising. To find out more about Do Not Track, please visit http://www.allaboutdnt.com.

Children Under 16

The Services is not directed to individuals who are under age of sixteen (16) and we do not solicit nor knowingly collect Personal Information from children under the age of sixteen (16). If you believe that we have unknowingly collected any Personal Information from someone under the age of sixteen (16), please contact us immediately at privacy@torch.io and the information will be deleted.

DMCA Notice

If you own a copyright or have authority to act on behalf of a copyright owner and want to report a claim that a third party is infringing that material on or through our Services, please send a notice to our copyright agent that includes all of the items below and we will expeditiously take appropriate action. Our designated copyright agent to receive such claims can be reached at dmca@torch.io. This process does not limit our ability to pursue any other remedies we may have to address suspected infringement.

  1. A description of the copyrighted work that you claim is being infringed;
  2. A description of the material you claim is infringing and that you want removed or access to which you want disabled and the URL or other location of that material;
  3. Your address, telephone number, and email address;
  4. The following statement: “I have a good faith belief that the use of the copyrighted material I am complaining of is not authorized by the copyright owner, its agent, or the law (e.g., as a fair use)”;
  5. The following statement: “The information in this notice is accurate and, under penalty of perjury, I am the owner, or authorized to act on behalf of the owner, of the copyright or of an exclusive right that is allegedly infringed”; and

An electronic or physical signature of the owner of the copyright or a person authorized to act on the owner’s behalf.

A Note to Users Outside the United States

Torch is based in the United States. The Services are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. Your Personal Information may be collected, transferred to, stored and otherwise processed in any country where we have facilities or in which we engage service providers. By using the Services you consent to the transfer of information to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country.

We may also process Personal Information using other compliance mechanisms to ensure that transfers of Personal Information are provided an adequate level of protection as required by law, such as by entering into appropriate contractual arrangements (such as, where applicable, the standard contractual clauses for the transfer of data as approved by the European Commission) or by asking for your prior consent.

Contact Us

Please do contact us at privacy@torch.io if you have any complaints or concerns with respect to your privacy. If you believe we are unable to assist you, you may have the right to lodge a complaint with a supervisory authority in the relevant jurisdiction.

For individuals in the European Union, a list of Supervisory Authorities is available here:
https://edpb.europa.eu/about-edpb/board/members_en.

Individuals in the United Kingdom may find more information about the ICO here :
https://ico.org.uk/make-a-complaint/uk-extension-to-the-eu-us-data-privacy-framework-complaints-tool/

Swiss individuals may locate FDPIC information here:
https://ico.org.uk/make-a-complaint/uk-extension-to-the-eu-us-data-privacy-framework-complaints-tool/

However, we are committed to working with you to resolve any complaint or concern you may have with respect to your privacy.