Privacy Policy
Last Revised November 15, 2023
Protecting your privacy is fundamental to the way Agency Within, LLC dba WITHIN (“we”, “us”, or “our”) conduct business. This Privacy Policy explains how we may collect, use and disclose your personal information. You can jump to particular topics by going to the headings below:
Context | Types of Data | Primary Purpose for Collection and Use of Data |
---|---|---|
Client Information | We collect the name, usernames, and contact information, of our clients and their employees with whom we may interact | We have a legitimate interest in contacting our clients and communicating with them concerning normal business administration such as projects, services, and billing. |
Client User Account information | We collect personal data from our clients when they create an account to access and use the services or request certain free services from our website. This information could include business contact information such as name, email address, title, company information, and password for our services. | We have a legitimate interest in providing account-related functionalities to our users, monitoring account log-ins, and detecting potential fraudulent logins or account misuse. Additionally, we use this information to fulfill our contract to provide you with services |
Cookies and first party tracking | We use cookies and clear GIFs. “Cookies” are small pieces of information that a website sends to a computer’s hard drive while a website is viewed. See our Cookie Policy for more information. | We have a legitimate interest in making our website operate efficiently. |
Cookies and Third-Party Tracking | We participate in behavior-based advertising, this means that a third party uses technology (e.g., a cookie) to collect information about your use of our website so that they can provide advertising about products and services tailored to your interests on our website, or on other websites. See our Cookie Preference Center for more information. | We have a legitimate interest in engaging in behavior-based advertising and capturing website analytics. |
Demographic Information | We collect personal information, such as your age or location. | We have a legitimate interest in understanding our users and providing tailored services. |
Email Interconnectivity | If you receive an email from us, we use certain tools to capture data related to when you open our message, click on any links or banners it contains and make purchases. | We have a legitimate interest in understanding how you interact with our communications to you. |
Employment | If you apply for a job posting or become an employee, we collect the information necessary to process your application or to retain you as an employee. This may include, among other things, your Social Security Number. Providing this information is required for employment | We use information about current employees to perform our contract of employment or the anticipation of a contract of employment with you. In some contexts, we are also required by law to collect information about our employees. We also have a legitimate interest in using your information to have efficient staffing and workforce operations. |
Feedback / Support | We collect personal data from you contained in any inquiry you submit to us regarding our sites or services, such as completing our online forms, calling, or emailing for the purposes of general inquiries, support requests, or to report an issue. When you communicate with us over the phone, your calls may be recorded and analyzed for training, quality control and for sales and marketing purposes. During such calls, we will notify you of the recording via either voice prompt or script. | We have a legitimate interest in receiving and acting upon, your feedback, issues, or inquiries. |
Mailing List | When you sign up for one of our mailing lists we collect your email address or postal address. | We share information about our products and services with individuals that consent to receive such information. We also have a legitimate interest in sharing information about our products or services. |
Surveys | When you participate in a survey we collect information that you provide through the survey. If the survey is provided by a third-party service provider, the third party’s privacy policy applies to the collection, use, and disclosure of your information. | We have a legitimate interest in understanding your opinions and collecting information relevant to our organization. |
Website interactions | We use technology to monitor how you interact with our website. This may include which links you click on, or information that you type into our online forms. This may also include information about your device or browser. | We have a legitimate interest in understanding how you interact with our website to better improve it, and to understand your preferences and interests in order to select offerings that you might find most useful. We also have a legitimate interest in detecting and preventing fraud. |
Web logs | We collect information, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors. | We have a legitimate interest in monitoring our networks and visitors to our websites. Among other things, it helps us understand which of our services is the most popular. |
In addition to the information that we collect from you directly, we may also receive information about you from other sources, including third parties, business partners, our affiliates, or publicly available sources. For example, if you submit a job application, or become an employee, we may conduct a background check
How We Use Personal Information
We use the personal information we collect from you to fulfill the purpose for which it was provided to us, such as contacting you about our services, evaluating your employment application. We may also use your personal information: (1) to provide you with information, products or services that you request from us; (2) to provide you with email alerts, event registrations and other notices concerning our products or services, or events or news, that may be of interest to you; (3) to improve our website and present its contents to you; (4) for testing, research, analysis and product development; and (5) for any other purpose with your consent.
Although the sections above describe our primary purpose in collecting your information, in many situations we have more than one purpose. For example, if you sign up for services, we may collect your information to complete that transaction, but we also collect your information as we have a legitimate interest in maintaining your information after your transaction is complete so that we can quickly and easily respond to any questions about your services. As a result, our collection and processing of your information are based in different contexts upon your consent, our need to perform a contract, our obligations under the law, and/or our legitimate interest in conducting our business.
Disclosure of Personal Information
In addition to the specific situations discussed elsewhere in this policy, we may disclose personal information we collect from you: (1) if we believe disclosure is necessary or appropriate to protect the rights, property or safety of us, our clients or others (2) to contractors, service providers, and other third parties we use to support our business; (3) to fulfill the purpose for which you provide it; (4) to a buyer or other successor in the event of a sale, merger, reorganization or transfer of some or all of our business or assets; (5) for any other purpose disclosed by us when you provide the information; (6) to comply with any court order, law or legal process, including responding to any government or regulatory request; (7) to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections; or (8) with your consent. We do not sell or otherwise share personal information with third parties for direct marketing purposes.
Your Choices.
You can make the following choices regarding your personal information:
- Access To Your Personal Information. You may request access to your personal information by contacting us at the address described below. If required by law, upon request, we will grant you reasonable access to the personal information that we have about you.
- Right to Data Portability. You may have the right to obtain a copy of the Personal Data that you previously provided. We will provide this information in a portable format, to the extent technically feasible, readily usable format that allows you to transmit your Personal Data to another controller without hindrance, where the processing is carried out by automated means. Note that California residents may be entitled to ask us for a notice describing what categories of personal information (if any) we share with third parties or affiliates for direct marketing.
- Changes To Your Personal Information. We rely on you to update and correct your personal information. Most of our websites allow you to modify or delete your account profile. If our website does not permit you to update or correct certain information,
you contact us at the address described below in order to request that your information be modified. Note that we may keep historical information in our backup files as permitted by law. - Deletion Of Your Personal Information. Typically we retain your personal information for the period necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. You may, however, request information about how long we keep a specific type of information, or request that we delete your personal information by contacting us at the address described below. If required by law we will grant a request to delete information, but you should note that in many situations we must keep your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes.
- Objection to Certain Processing. You may object to our use or disclosure of your personal information by contacting us at the address described below.
- Online Tracking. We do not currently recognize automated browser signals regarding tracking mechanisms, which may include “Do Not Track” instructions.
- Promotional Emails. You may choose to provide us with your email address for the purpose of allowing us to send free newsletters, surveys, offers, and other promotional materials to you, as well as targeted offers from third parties. You can
stop receiving promotional emails by following the unsubscribe instructions in the e-mails that you receive. If you decide not to receive promotional emails, we may still send you service-related communications. - Promotional Text Messages. If you receive a text message from us that contains promotional information you can opt-out of receiving future text messages by replying “STOP.”
- Revocation Of Consent. If you revoke your consent for the processing of personal information then we may no longer be able to provide you services. In some cases, we may limit or deny your request to revoke consent if the law permits or requires
us to do so, or if we are unable to adequately verify your identity. You may revoke consent to processing (where such processing is based upon consent) by contacting us at the address described below.
Please address written requests and questions about your rights to questions.privacy.within@within.co or call us at 1-800-682-1707.
Note that, as required by law, we will require you to prove your identity. We may verify your identity by a phone call or email. Depending on your request, we will ask for information such as your name or other account information. We may also ask you to provide a signed declaration confirming your identity. Following a request, we will use reasonable efforts to supply, correct or delete personal information about you in our files.
In some circumstances, you may designate an authorized agent to submit requests to exercise certain privacy rights on your behalf. We will require verification that you provided the authorized agent permission to make a request on your behalf. You must provide us with a copy of the signed permission you have given to the authorized agent to submit the request on your behalf and verify your own identity directly with us. If you are an authorized agent submitting a request on behalf of an individual you must attach a copy of the following information to the request:
- A completed notarized statement executed by you and the consumer indicating that you have the authorization to act on the consumer’s behalf.
- If you are a business, proof that you are registered with the Secretary of State to conduct business in California.
If we do not receive both pieces of information, the request will be denied.
Data Security
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access and disclosure. The use of, and access to, your personal information by us is restricted to employees and contractors who need to know that information to provide services to you. We maintain physical, electronic and procedural safeguards to limit access to your nonpublic personal information.
Unfortunately, no method of transmission of information via the internet or electronic storage is completely secure. Although we use reasonable efforts to protect your personal information, we cannot guarantee the security of your personal information transmitted to us through our website or other electronic means. Any electronic transmission of personal information is at your own risk. In the event that we are required by law to inform you of a breach of your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
Generally, we will hold your personal information for as long as you are a customer and use our Services to ensure accuracy and to help maintain quality of service or if we are obliged to retain such information for legal, regulatory, fraud prevention and legitimate business purposes.
The precise periods for which we keep your personal information vary depending on the nature of the information and why we need it. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use and/or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) for research, statistical or other business purposes. We may use this aggregated, anonymized, or de-personalized information indefinitely without further notice. We may retain personal information for a commercially reasonable time for backup, archival, audit purposes, and/or to comply with legal obligations, resolve disputes and enforce
agreements. You can request further details of retention periods for different aspects of your personal information by contacting us.
We are a global business, with our primary location in the US. The personal information (or personal data) which we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”), including the US, Switzerland, India, and the Philippines. You acknowledge the transfer to, and storing, or processing outside of the EEA or UK of your personal data as set out in this Privacy Policy, and in the Other jurisdictions section below.
- International Data Transfers. WITHIN is located in the United States. Our service providers and other third parties you may interact with in connection with our services may be located in the United States and other countries around the world. As a result, your information may be processed in a foreign country where privacy laws may be less stringent than the laws in your country. Nonetheless, where possible we take steps to treat personal information using the same privacy principles that apply pursuant to the law of the country in which we first received your information. By submitting your personal information to us you agree to the transfer, storage and processing of your information in a country other than your country of residence including, but not necessarily limited to, the United States. To the extent personal information is collected and subsequently transferred out of the European Economic Area (“EEA”) or the United Kingdom (“UK”), you acknowledge the transfer to, and storing, or processing outside of the EEA or UK of your personal data as set out in this Privacy Policy, and in the Other jurisdictions section below. If you would like more information concerning our attempts to apply the privacy principles applicable in one jurisdiction to data when it goes to another jurisdiction you can contact us using the contact information below.
Other Important Information
- Third-Party Providers. Some applications and services embedded within, or linked from, our website, such as maps and social media platforms, are controlled by third-party providers. These third parties may use cookies, alone or in conjunction with other tracking technologies, to collect information about you when you use our website or navigate away from our website. These third parties may also have privacy policies that differ from ours. For example, they may collect personal information about your online activities over time and across different websites, and other online services, and may use this information to provide you with interest-based (behavioral) advertising or other targeted content. We do not control these third-parties or their privacy practices, and this Privacy Policy does not apply to any third-party website or service you may access through our website. If you have any questions about a third-party provider’s privacy policies or advertising, you should contact the responsible provider directly.
- Non-Personal Information. This Privacy Policy does not restrict our collection, use or disclosure of any aggregated information or information that does not identify, or cannot be reasonably linked to, any individual.
- Accessibility. If you are visually impaired, you may access this notice through your browser’s audio reader.
- Changes to Our Privacy Policy. We will post any changes we make to this Privacy Policy on our website. If we make material changes to how we treat personal information we collect from you, we may notify you by email or through a notice on our website homepage. The date this Privacy Policy was last revised is identified above. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting this Privacy Policy on our website to check for any changes.
Contact Information
If you have questions or comments about this Privacy Policy, please call or email us at questions.privacy.within@within.co or (800) 279-1810.
Children’s Policy
Because we care about the safety and privacy of children online, we comply with the Children’s Online Privacy Protection Act of 1998 (COPPA). COPPA and its accompanying FTC regulation establish United States federal law that protects the privacy of children using the Internet. In addition, other state laws protect the privacy of children. We therefore do not knowingly contact or collect personal information from children under 16. Our website is not intended to solicit information of any kind from children under 16. It is possible that by fraud or deception we may receive information pertaining to children under 16. If we are notified of this, as soon as we verify the information, we will immediately obtain parental consent or otherwise delete the information from our servers. If you want to notify us of our receipt of information by children under 16, please do so by emailing us at questions.privacy.within@within.co.
- Australia. If you are an Australian resident, and you are dissatisfied with our handling of any complaint you raise under this Privacy Policy, you may wish to contact the Office of the Australian Information Commissioner.
- Canada. Personal information maintained and processed by our affiliates and third-party service providers in the U.S. and other foreign jurisdictions may be subject to disclosure pursuant to a lawful access request by U.S. or foreign courts or government authorities. We will not provide your information to third parties for marketing purposes without your prior consent. For more information about our privacy practices; to access, update or correct inaccuracies in your personal information; or if you have a question or complaint about the manner in which we or our service providers treat your personal information, please contact us as set forth in the Contact us section of this Privacy Policy.
- European Economic Area (EEA) and the United Kingdom (UK). If you are located in the EEA, the UK we comply with applicable laws to provide an adequate level of data protection for the transfer of your personal data to the US.
- Transfers outside the EEA and UK. Where applicable law requires that a data transfer have legal mechanism, we use one or more of the following: Standard Contractual Clauses with a data recipient outside the EEA or the UK (or additionally, in the case of the UK, the International Data Transfer Agreement (IDTA) or Addendum to the Standard Contractual Clauses issued by the ICO), verification that the recipient has implemented Binding Corporate Rules, or other legal method available to us under applicable law. Complaints. If you are a resident of the EEA, and believe we process your information in scope of the General Data Protection Regulation (GDPR), you may direct your questions or complaints to the Office of the Data Protection Commissioner. If you are a resident of the UK, you may direct your questions or concerns to the UK Information Commissioner’s Office. To exercise your privacy rights set forth in this Privacy Policy, you may contact us as set forth in the Contact us section.
United States Privacy Laws
This Section describes our additional information practices related to your Personal Information under applicable state laws. This Section DOES NOT cover information that is exempted, including information that is protected by the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA).
- California. See our California Privacy Rights page.
- Connecticut (Effective July 1, 2023). Under the Connecticut Data Protection Act (“CTDPA”), Connecticut residents have the right to receive certain disclosures regarding a business’ processing of “Personal Data,” as defined under the CTDPA, as well as certain rights with respect to our processing of such Personal Data. To the extent you are a Connecticut resident, and we collect Personal Data subject to applicable Connecticut law, in addition to those rights outlined in Your Choices section above, you also have the following applies.
- Right to Opt-Out of Sale, Targeted Advertising, and Profiling: For purposes of the CTDPA, a “sale” includes disclosing Personal Data to a third party in exchange for monetary compensation or other valuable consideration. We do not “sell” Personal Information under this definition. Connecticut residents have the right to opt out of the processing of your Personal Data by us for decisions that produce legal or similarly significant effects concerning you. We do not process Personal Data for such profiling. To opt out of targeted marketing, where applicable, please click on the Opt-Out Link on the bottom of the website homepage.
- Right to Appeal: If we decline to take action regarding your request, you have the right to appeal. We will notify you providing our reasons and instructions for how you can appeal the decision. If the appeal is denied, we will provide a way for you contact the Attorney General to submit a complaint.
- Nevada. This notice is provided to you pursuant to state law. Nevada state privacy laws permit us to make marketing calls to existing customers, but if you prefer not to receive marketing calls, you may be placed on our internal opt-out list by emailing us at questions.privacy.within@within.co or you may also contact the Nevada Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington St., Ste 3900, Las Vegas, NV 89101; telephone 702-486-3132; email: AGCinfo@ag.nv.gov.
- Texas. If you have a complaint, first contact us by visiting our Website athttps://within.co/privacy-policy and emailing us at questions.privacy.within@within.co . If you still have an unresolved complaint regarding the company’s money transmission or currency exchange activity, please direct your complaint to the Texas Department of Banking: 2601 North Lamar Boulevard, Austin, TX 78705-4294; 1-877-276-5554 (toll free); www.dob.texas.gov.
- Utah (Effective December 31, 2023). Under the Utah Consumer Privacy Act (“UCPA”), Utah residents have the right to receive certain disclosures regarding a business’ processing of “Personal Data,” as defined under UCPA, as well as certain rights with respect to our processing of such Personal Data. To the extent you are a resident of Utah, and we collect Personal Data subject to applicable Utah law, in addition to those rights outlined in Your Choices section above, you also have the following rights:
- Right to Opt-Out of Sale, Targeted Advertising, and Profiling: For purposes of UCPA, a “sale” includes disclosing Personal Data to a third party in exchange for monetary compensation. We do not “sell” Personal Information under this definition. Utah residents have the right to opt out of the processing of your Personal Data by us for decisions that produce legal or similarly significant effects concerning you. We do not process Personal Data for such profiling. To opt out of targeted marketing, where applicable, please click on the Opt-Out Link on the bottom of the website homepage.
- Vermont. In accordance with Vermont law, we will not share information we collect about you with companies outside of WITHIN except as required or permitted by law. For example, we may share information to service your accounts, complete requested transactions, or to provide rewards or benefits to which you are entitled.
- Virginia (Effective January 1, 2023). Under the Virginia Consumer Data Protection Act (“VCDPA”), Virginia residents have the right to receive certain disclosures regarding a business’ processing of “Personal Data,” as defined under the VCDPA, as well as certain rights with respect to our processing of such Personal Data. To the extent you are a resident of Virginia and we collect Personal Data subject to applicable Virginia law, in addition to those rights outlined in Your Choices section above, you also have the following rights:
- Right to Opt-Out of Sale: Under the VCDPA, a “sale” includes disclosing or making available Personal Information to a third party in exchange for money. We do not “sell” Personal Information under this definition.
- Right to Opt-Out of Targeted Ads and Significant Profiling: You may have the right to opt out of the processing of your Personal Data by us for decisions that produce legal or similarly significant effects concerning you. We do not process Personal Data for such profiling. To opt out of targeted marketing, where applicable, please click on the Opt-Out Link on the bottom of the website homepage.
- Right to Appeal: If we decline to take action regarding your request, you have the right to appeal. We will notify you providing our reasons and instructions for how you can appeal the decision. If the appeal is denied, we will provide a way for you contact the Attorney General to submit a complaint.
Within California Privacy Notice
Last Updated: November 15, 2023
Scope of Notice
This California Privacy Policy (the “CA Notice”) supplements the information contained in our Privacy Policy and applies solely to individual residents of the State of California (“consumers” or “you”). This CA Notice describes how we collect, use, disclose, and otherwise process personal information of individual residents of the State of California, either online or offline, within the scope of the California Consumer Privacy Act of 2018 (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”) (collectively “CA Privacy Laws”).
Unless otherwise expressly stated, all terms in this CA Notice have the same meaning as defined in our Privacy Policy or as otherwise defined in the CA Privacy Laws.
When we use the term “personal information” in this CA Notice, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual, consumer or household. This CA Notice does not apply to personal information we collect when we are acting as a service provider to process information on behalf of our clients to whom we provide legal services. For the purposes of this CA Notice, personal information does not include:
- Publicly available information from government records.
- Deidentified, aggregated or anonymized information that is maintained in a form that is not capable of being associated with or linked to a consumer.
- Information excluded from the CA Privacy Laws’ scope, such as:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
- Information relating to our job applicants, employees, contractors and other Within personnel.
Collection and Use of Personal Information
We collect personal information from and about consumers for a variety of purposes. To learn more about the types of personal information we collect, the sources from which we collect or receive personal information, and the purposes for which we use this information, please refer to the How We Collect or Receive Personal Information and Disclosure of Personal Information sections of our Privacy Policy.
Selling or Sharing for Targeted Advertising.
We do not “sell” personal information as most people would typically understand that term. However, we do allow certain third-party partners and providers to collect information about consumers directly through our Services for purposes of analyzing and optimizing our Services and advertisements (ads), providing content and ads that are more relevant, measuring statistics and the success of ad campaigns, and detecting and reporting fraud. To the extent this practice is interpreted to constitute a “sale” under the CCPA, please see our Cookies Policy for more information including how to exercise your rights to opt-out of cookies, analytics and personalized advertising.
Rights and choices for California Residents.
- As a California resident, in addition to those privacy rights described in “Your Choices”, you may have the following additional privacy rights:
- Personal information sales rights. You have the right to direct us not to sell your personal information.
- Non-discrimination right. You have the right not to be discriminated against when you exercise any of the rights under the CA Privacy Laws Unless permitted by the CA Privacy Laws, we will not deny you goods or Services or actually charge, or suggest we charge you different prices or rates, or provide different levels of quality for goods and Services.
How to Exercise Your Privacy Rights
To exercise your rights please submit your request to questions.privacy.within@within.co As mandated by CA Privacy Laws, we will acknowledge receipt of your request within 10 days and will respond within 45 days of receipt of your request, but if we require more time (up to an additional 45 days) we will let you know. In some cases, you may designate an authorized agent to submit requests to exercise certain privacy rights on your behalf. We will require verification that you provided the authorized agent permission to make a request on your behalf. You must provide us with a copy of the signed permission you have given to the authorized agent to submit the request on your behalf and verify your own identity directly with us. If you are an authorized agent submitting a request on behalf of an individual, you must attach a copy of: (a) A completed written notice indicating that you have authorization to act on the consumer’s behalf signed by you and the consumer; and (b) if you are a business, proof that you are registered with the appropriate Secretary of State to conduct business in California. If we do not receive both pieces of information, the request will be denied.
Right to Know Disclosures. In the last 12 months, we have collected the following categories of personal information:
Categories of Personal Information That We Collect | To Whom We Disclose Personal Information for Business Purpose |
---|---|
Identifiers – this may include name, postal address, phone number, unique personal identifier, online identifier, internet protocol (IP) address, device ID, email address, account name, signature, social security number, driver’s license number, passport number, or other similar identifiers. |
|
Financial information – this may include bank account number, credit or debit card number, or other financial information. |
|
Medical / health insurance information – this may include information from a healthcare provider regarding an individual’s medical history, mental or physical condition, or treatment; an individual’s insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in the individual’s application and claims history. |
|
Protected characteristics – this may include race, gender, physical or mental disability, and religion. |
|
Commercial information – this may include information about products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies |
|
Geolocation data – this may include precise physical location. |
|
Electronic and sensory data – this may include audio, electronic, visual, thermal, olfactory, or similar information (e.g., pictures, a recording of a customer service call, security video surveillance footage). |
|
Professional / employment information – this may include occupation and professional references. |
|
Education information – such as information contained in education records. |
|
Contact Us
If you have any questions or requests in connection with this CA Notice or other privacy-related matters, please send an email questions.privacy.within@within.co