Privacy and Security Policies
At Feng Office, we always put our clients and our users first. We have worked hard to make these policies the leading standard in data protection, encompassing both data security and privacy. We make our best effort to take all possible technical, legal, and organizational measures to protect your personal data against accidental and unlawful destruction or accidental loss, alteration, unauthorized disclosure or access.
As a Software as a Service provider, Feng Office handles two main concerns and two main sets of information.
The two main concerns are:
- How do we protect the privacy and confidentiality of the information we collect from you.
- What measures we take (legal, technical and procedural) to ensure the security of your data.
The two mains sets of information are:
- Anything you tell us about yourself (either by visiting our website, talking on the phone, emailing, filling out forms, or any other form of direct communication).
- Anything you store in your own installation of Feng Office.
In the following sections, we describe the policies that address these concerns and the treatment of each set of data.
We hope you find these policies not only satisfactory, but the best in the industry. With that said, if you do not agree to any of our security or privacy policies, we kindly ask that you choose not to use our website and/or our services.
As an introduction to our policies, let’s begin by further defining the two main sets of information.
The first set of information (we call it ‘Personal Information’) is used to provide you with the best possible service. Our only intention is to reach out to you for support and to make your experience with Feng Office a good and pleasant one. We do use that information to provide you with news about Feng Office, the industry in general, and services we offer that we believe might be of interest to you. If at any point you feel we are being overwhelming or invasive, we have processes in place to reduce our communication outreach – even to the point of deleting all records we have of you.
Another frequent concern and something we honor is: we don’t share or sell your personal information to any third-party entities. The only people who have access to your personal information through our systems are our employees, partners, and contractors, and they use this information with the sole purposes described above. Everybody on our team signs a confidentiality agreement and a code of conduct that expressly forbids them of using this data with any other purpose. We implement technical and procedural security controls to monitor and ensure this.
The second set of information (we call it ‘Private Information’) is the business information you trust Feng Office, through your installation of our platform, to store and process for you. Nobody, other than you and your team, can access this information without your explicit permission. The only reason we would access this information is to help you troubleshoot any issues, support you during your Feng Office implementation, or any other action that you request from us to help you make the best use of the system.
When client data is stored on the Feng Office cloud, it is physically stored in a specialized Data Center. Data Centers are buildings specially equipped to host server computers and possess many security measures to control access; as well as contingency measures to ensure power supply, redundant network access; as well as preventive measures to block intrusion attempts, cope with fires, earthquakes, and other acts of nature or vandalism that could affect a system server.
The Feng Office team works hard to select its Data Centers, ensuring their security and confidentiality policies adhere to Feng Office standards, and are among the largest and most recognized in the world.
Feng Office Data Centers have been designed to provide the maximum level of security and confidentiality. All Feng Office Data Centers have a 24*7*365 system for monitoring, redundant energy, fire prevention and additional hardware security systems.
To access Data Center rooms, several security and surveillance measures have to be met, ensuring that only authorized personnel access the location.
Technical Security Measures
Feng Office owns and manages its proprietary security controls, firewalls, antivirus and monitoring systems to ensure 24 x 7 x 365 hardware and software support and control of its client’s data and systems, ensuring detection and alerts over suspicious activity.
All of Feng Office’s infrastructure servers are up to date with the latest versions and secured with state-of-the-art software security systems.
All Feng Office servers are dedicated for Feng Office only (No shared or virtualized environments are used).
Each and every client installation hosted on the Feng Office cloud is backed up in adherence to our backup policies, detailed below.
Access to Feng Office servers is restricted by a dual password system. No Feng Office employee has the technical possibility of accessing the servers without the additional approval of a colleague.
In case a client wishes to encrypt their information transferred to and from their Feng Office installation, an SSL certificate that enables HTTPS connections can be deployed.
How, where and how often is the data backed up?
All cloud based Feng Office installations are backed up to ensure data integrity.
Backups are performed using state-of-the-art technology in real time. Backups include a copy of the database as well as a copy of the file-system files, so data integrity is safeguarded in case of hardware or software failure.
Backups are performed in an independent server, under an independent geographical location, so that data integrity is also ensured in case of large-scale disasters (fires, earthquakes, armed attacks, etc.).
All clients have, at their disposal, a copy of their system, which can be downloaded free of charge once a month; or more often should the client contract a higher frequency service.
Additionally, a weekly backup of the server is made and kept on a third geographical location, so that information has a double backup system.
Privacy Policies for Private Information
In using the Services, you may upload or input various types of content, including but not limited to: tasks, attachments, project names, team names, and conversations (together, the “Content” or “Private Information”).
This information is treated with the highest possible level of privacy and confidentiality that we can provide, and we take every possible legal, technical and procedural measure to ensure this policy. The security policies have been described in the section above. The legal and procedural policies are described in the section below.
If you are using the Services in connection with an account created by a Feng Office Customer (e.g., employer, organization, or an individual), the service will automatically collect, store and process the content you submit on behalf of the customer. As described more throughout this Policy, our Customers, and not Feng Office, determine their own policies regarding storage, access, modification, deletion, sharing, and retention of Content which may apply to your use of the Services. For example, a Customer may provide or remove access to the Services, enable or disable third party integrations, manage permissions, retention and export settings, transfer or assign teams, or share projects.
Please check with the Customer about the policies and settings that they have instituted with respect to the Content that you provide when using the Services.
Legal measures to ensure data confidentiality
Feng Office uses all reasonable legal measures to ensure client data is protected and confidential. The Feng Office Terms of Service clearly states that Feng Office does not own and has no rights over the customer’s data that is stored on its servers.
All personal information that Feng Office collects is either entered directly and with the consent of the person, or is publicly available, published and shared with the consent of the person.
For the purposes of this regulation, the appointed controller, processor, and data protection officer is Mr. Conrado Viña. All GDPR related concerns, compliance requests, rectification, and data removal requests shall be directed at firstname.lastname@example.org.
Every Feng Office employee signs a Non Disclosure Agreement, a Confidentiality Agreement, and a Code of Conduct with an obligation to respect and protect our client’s data confidentiality.
In addition, no Feng Office employee is allowed to access a client database or file system, unless it is required for a particular system support task. In every case, the explicit authorization of the client is required.
Data Centers, used by Feng Office for the physical accommodation of their servers, also have security and confidentiality policies that are compatible with its own. This means that Data Center employees have legal and technical restrictions that impede them from accessing the servers. Feng Office will keep strict secrecy and will not reveal, nor concede client data stored within their Feng Office systems to third parties, neither during, nor after the length of its contracts.
All data provided to Feng Office, either by clients or potential clients, will not be shared in any way unless the client or an authorized representative of the client makes an explicit request. Client data will be solely used for the provision, support, administration, and delivery of Feng Office products and services.
Additionally, Feng Office offers its client the possibility to select the country of their Data Center, and an On-Premise service, allowing the client to choose where to install and host its information.
Access by third parties and client staff
Feng Office System offers a very robust and granular permission system. The client defines permissions to Feng Office System directly, managing users permissions and rights. It is also the client’s responsibility to determine who accesses and uses the information.
This means you can control who your Content is used by/shared with others via your settings on the System. Feng Office may view and share your Content only as necessary (i) to maintain, provide and improve the Service; (ii) prevent or address technical or security issues and resolve support requests; (iii) as reasonably necessary to allow Feng Office to comply with or avoid the violation of applicable law or regulation; (iv) to comply with a valid legal subpoena, request, or other lawful process that meets the requirements of our Law Enforcement Guidelines; and (v) as set forth in our Subscription Agreement with the Customer or as expressly permitted in writing by the Customer. We may also analyze your usage aggregated statistics (on an anonymized basis) in order to better understand the manner in which our Service is being used.
All Feng Office systems access is restricted by passwords. Feng Office optionally provides an advanced password policy system.
As part of our services, Feng Office also offers access control by IP addresses. In case the Client would like to restrict access to the Feng Office System by IP addresses, it is enough to contact Feng Office Support Team, and provide a list with the IP addresses to either allow or block.
Privacy Policies for Personal Information
Feng Office collects a variety of information that you provide directly to us or that is publicly available. We process your information when necessary to provide you with the Services that you have requested when accepting our Terms of Service, or where we have obtained your prior consent, or where we have a legitimate interest to do so. For example, we may have a legitimate interest to process your information for security, testing, maintenance, and enhancement purposes of the Services we provide to you, or for analytics, research, and reporting purposes. Without your information we cannot provide you with the Services you have requested or you may be limited in your use of the Services.
What types of information does Feng Office collect
The types of information we collect will depend upon the Services you use, how you use them, and what you choose to provide. The types of data we collect directly from you may include:
- Name, address, telephone number and email address
- Optional information such as a photograph that you elect to associate with your account (your “Profile Information”)
- Log-in details, including password (encrypted and non-reversible), if you create a user account for one of the Services.
- Any email, requests, or questions you submit to us
- User-generated content you post in public online Feng Office forums (e.g., the Feng Office Blog)
How does Feng Office collect information
Feng Office collects personal information from you through:
- Your account and administration of your account
- The Feng Office Services that you use (User names, emails and phone numbers only)
- Requests or questions you submit to us via forms or email (e.g., support forms, sales forms, user research participation forms)
- Your communications and dealings with us
- Your participation in Feng Office research studies
- Uploads or posts to our Public Services (online forums, blogs, public surveys)
- Requests for customer support and technical assistance
If you are a user of our paid premium service, we will utilize a third party credit card payment processing company (PCI compliant) to collect payment information, including your credit card number, billing address and phone number. The third party service provider, and not Feng Office, stores your payment information on our behalf.
Information about others
If you choose to use our invitation service to invite a friend or contact to the Services, we will ask you for that person’s contact information, which may include their email address or their social network identity, and automatically send an invitation. Feng Office stores the information you provide to send the invitation, to register your friend or contact if your invitation is accepted, and to track the success of our invitation service.
How Long We Store Your Information
We will retain your information for the period necessary to fulfill the purposes outlined in this Policy unless a longer or a shorter retention period is required or permitted by law.
Information we automatically collect
When you use our Services that connect to the Internet, including, but not limited to, when you access the Services via our websites, your mobile devices, and your installation of the Feng Office platform, we automatically collect certain information as described in this Section.
We and our service providers (which are third party companies that work on our behalf to provide and enhance the Services) use a variety of technologies, including cookies and similar tools, to assist in collecting this information.
As discussed throughout our policies, this information is used with the sole purpose of providing our clients with the best possible system and is not shared with any third-party for any other purposes. We only partner with Third-Party Service providers that guarantee this policy.
When you use the Services, our servers automatically record certain information in server logs. These server logs may include information such as your web request, Internet Protocol (“IP”) address, browser type and settings, referring / exit pages and URLs, number of clicks and how you interact with links on the Services, metadata associated with uploaded Content, domain names, landing pages, pages viewed, mobile carrier, date and time stamp information and other such information.
When you access the Services using a mobile device, we collect specific device information, including your MAC address and other unique device identifiers. We also collect information such as the type of device you are using, its operating system, and mobile network information, which may include your mobile phone number. We may associate this device identifier with your account and will use data associated with your device identifier to customize our Services to your device and to analyze any device-related issues.
Location Information. We collect and process general information about the location of the device from which you are accessing the Service (e.g., approximate geographic location inferred from an IP address).
Information we collect from Third-Party integrations
If you choose to use third-party integrations through the Services or are required to do so by a Customer, such providers may allow us and our service providers to have access to and store additional information about your interaction with those services and platforms as it relates to the use of the Services. If you do not wish to have this information shared, do not initiate these connections.
Collection of information across devices
Sometimes, we may use the information we collect — for instance, usernames, IP addresses and unique mobile device identifiers — to locate or try to locate the same unique users across multiple browsers or devices (such as smartphones or tablets) in order to save your preferences across devices and produce usage statistics of the Services.
Cookies and similar technologies
To collect the information in the “Information We Automatically Collect” section above, we and our service providers use Internet server logs, cookies, tags, SDKs, tracking pixels, and other similar tracking technologies. A web server log is a file where website activity is stored. An SDK is a section of code that we embed in our applications and software to allow third parties to collect information about how users interact with the Services. A cookie is a small text file that is placed on your computer or mobile device when you visit a site, that enables us to: (i) recognize your computer and login session; (ii) store your preferences and settings; (iii) understand which web pages of the Services you have visited; (iv), enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests; (v) perform analytics; and (vi) assist with security and administrative functions. Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads and/or email, and that are designed to provide usage information like ad impressions or clicks, email open rates, measure popularity of the Services and associated advertising, and to access user cookies. As we adopt additional technologies, we may also gather information through other methods.
Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari).
How we use your personal information
- Complete a purchase or provide the services you have requested
- Respond to your request for information and provide you with more effective and efficient customer service
- Provide you with product updates and information about products you have purchased from us
- Provide you with service notifications via email and within the Services based on your notification selections
- Contact you by email, postal mail, or phone regarding Feng Office and third-party products, services, surveys, research studies, promotions, special events and other subjects that we think may be of interest to you
- Customize the advertising and content you see
- Help us better understand your interests and needs, and improve the Services
- Synthesize and derive insights from your use of different Feng Office products and services
- Engage in analysis, research, and reports regarding use of our Services
- Provide, manage, and improve the Services
- Protect our Services and our users
- Understand and resolve app crashes and other issues being reported
We may aggregate and/or de-identify information collected through the Services so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including research and marketing purposes.
Online Analytics and Advertising
We use third-party web analytics services (e.g., Google Analytics) on our websites to collect and analyze the information discussed above, and to engage in auditing, research and reporting. The information (including your IP address) collected by various analytics technologies described in the “Cookies and similar Technologies” section will be disclosed to or collected directly by these service providers, who use the information to evaluate your use of the websites, including by noting the third-party website from which you arrive, analyzing usage trends across Feng Office products and mobile devices, assisting with fraud prevention, and providing certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on.
If you receive email messages from us, we may use certain analytics tools, such as clear GIFs, to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns.
Third parties or affiliates may administer Feng Office banner advertising programs and other online marketing on non-Feng Office websites and services. To do so, these parties may set and access first-party cookies delivered from an Feng Office domain, or they may use third-party cookies or other tracking mechanisms. For example, a third-party provider may use the fact that you visited the Feng Office website to target online ads for Feng Office services to you on non-Feng Office websites. Or a third-party ad network might collect information on the Services and other websites to develop a profile of your interests and target advertisements to you based on your online behavior. These parties that use these technologies may offer you a way to opt out of ad targeting as described below. You may receive tailored advertising on your computer through a web browser.
How we share (and don’t share) your information
As stated above, Feng Office does not share any of your private information, unless required by law, and even in such an instance we will do our best effort to protect your information, requiring extensive and sufficient information from government entities, and communicating with you in the process.
For the provision and delivery of our services, and for marketing and advertising purposes, Feng Office will share your information in the following ways:
- Affiliates and Subsidiaries. We may share all information we collect within the Feng Office family of companies.
- Service Providers. We may provide access to or share your information with select third parties who perform services on our behalf. These third parties provide a variety of services to us, including without limitation billing, sales, marketing, provision of content and features, advertising, analytics, research, customer service, shipping and fulfillment, data storage, security, fraud prevention, payment processing, and legal services.
- Third-Party Integrations. When you initiate a connection with a third-party integration through the Services (e.g., Quickbooks), we will share information about you that is required to enable your use of the third-party integration through the Services.
- Public Forums. The Services make it possible for you to upload and share comments or feedback publicly (i.e., outside of the Feng Office mobile and web app) with other users, such as on the Feng Office blog and forums. Any information that you submit through such public features is not confidential, and Feng Office may use it for any purpose (including in testimonials or other Feng Office marketing materials). Any information you post openly in these ways will be available to the public at large and potentially accessible through third-party search engines. Such information can be read, collected and/or used by other users, and it could be used to send you unsolicited messages. Accordingly, please take care when using these features of the Services.
- Aggregate/De-Identified Information. From time to time, Feng Office may share Aggregate/De-Identified Information about use of the Services, such as by publishing a report on usage trends. As stated above, this Policy places no limitations on our use or sharing of Aggregate/De-Identified Information.
- Consent. We may also disclose your information to third parties with your consent to do so. For example, we will display your Profile Information on your profile page and elsewhere on the Services in accordance with the preferences you set in your account. You can review and revise your Profile information at any time.
Your data, your choices
Third Party Links and Services
The Services contain links to third-party websites such as social media sites, and also contain third-party integrations. If you choose to use these sites or integrations, you may disclose your information not just to those third-parties, but also to their users and the public more generally depending on how their services function. Because these third-party websites and services are not operated by Feng Office, Feng Office is not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your personal and other information will be subject to the privacy policies of the third party websites or services, and not this Policy. We urge you to read the privacy and security policies of these third-parties.
The Services are intended for general audiences and not for children under the age of 13. If we become aware that we have collected personal information (as defined by the Children’s Online Privacy Protection Act) from children under the age of 13, we will take reasonable steps to delete it as soon as practicable.
If you want to learn more about the information collected through the Services, or if you would like to access or rectify your information and/or request deletion of information we collect about you, or restrict or object to the processing of your information, please contact us using the contact information below. Where you have provided consent, you may withdraw your consent at any time, without affecting the lawfulness of the processing that was carried out prior to withdrawing your consent. If you are dissatisfied with the way we process your information, you may lodge a complaint with the data protection authority (“DPA”) in your jurisdiction. If you are a resident of France, your DPA is the Commission Nationale de l’Informatique et des Libertés (“CNIL”). If you are a resident of Germany, please see the DPA located in your particular state. If you are a resident of France, you may provide us with instructions regarding the manner in which we may continue to store, erase and share your information after your death, and where applicable, the person you have designated to exercise these rights after your death.
Changes to our Security and Privacy Policies
We reserve the right to amend this Policy at any time to reflect changes in the law, our data collection and use practices, the features of our Services, or advances in technology. We will make the revised Policy accessible through the Services, so you should review the Policy periodically. If we make a material change to the Policy, you will be provided with appropriate notice and we will seek your consent to the updated Policy in accordance with legal requirements.
Feng Office contact information