StarLeaf privacy notice
At StarLeaf Limited (“StarLeaf” or “we” or “us”), we care about privacy, security and transparency; these are core tenets in our company’s mission. Toward that, this privacy notice tells you what to expect when StarLeaf collects personal information about you, including:
- how your information was obtained;
- what information we collect and why;
- with whom your information may be shared;
- use of StarLeaf cookies on our websites;
- the StarLeaf cloud service; and
- future changes to this privacy notice.
StarLeaf Limited holds registration number 066215999 with a registered address at 6th Floor, One London Wall, London, EC2Y 5EB, United Kingdom. The main websites for StarLeaf are https://starleaf.com and via the Cloud Services Portal at https://portal.starleaf.com .
This privacy notice is effective as of 1 May 2018.
If your StarLeaf subscription was purchased through a partner or reseller, we received your information via that agency. Your reseller and partner works with StarLeaf to ensure your service can be activated, and they serve as a Data Controller (“Controller”) whereas StarLeaf is acting as a Data Processor (“Processor”).
We may also collect information when you visit our websites; we use a third-party analytics service called Google Analytics to collect, analyze and tally metrics regarding website visits. Analytics collected help us to determine many things, including the quantity of visitors over time, the geographic location from which visitors arrive, timeframes of high and low usage, the sites most frequented, the pages most frequented, and other helpful data. The Company processes data in ways to ensure individual identity is not stored, only anonymous metrics. Furthermore, it is forbidden for Google to determine, or attempt to determine, the identity of individuals visiting our websites, and this anonymity is inherited by StarLeaf.
We may also collect information about your service usage that is generated by your StarLeaf subscription. This data is helpful for service operations activities such as troubleshooting, diagnostics and capacity trending.
The personal information we collect depends on the service subscription; different types of information may be collected from a website compared to the types of data collected from our Services. In most cases, the information collected contains:
- email address which may also be used in association with your service;
- regional location;
- service settings;
- call detail records;
- account login credentials;
- tickets, if working with one of our support centers;
- conference data, if you invite meeting participants to scheduled conferences;
- audio, video, and content recording if you subscribe to the recording service and record a meeting;
- telephone number, if you provide it;
- contacts that you add to your StarLeaf app or device;
- connection history;
- public and private IP addresses;
- network performance history;
- technical information about your device hardware and operating system;
- call diagnostics;
- instant messages;
- video and voice mails.
If working with our service desk to troubleshoot an issue, we may also gather information about the type of computer systems you use, including associated devices such as microphones and video cameras as these are relevant to the services offered by StarLeaf. The information may also include your IP address, operating system, browser type, language preferences, and other relevant details to help StarLeaf ensure your service is working correctly.
Our websites employ cookies to collect information about you. Cookies are small text files which are placed on your browser by our websites. When you visit our websites again, the cookie allows StarLeaf to recognise your browser. Cookies are useful because they help us make your experience more enjoyable. They help us to monitor the way in which the websites are used and allow us to recognise your device (for example, your laptop or mobile device) so that we can tailor your experience. We do not use cookie technology to collect personal information about you. You can find out more about cookies at www.allaboutcookies.org.
Our websites employ the following types of cookie:
- . These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.
- . These cookies collect information about how you use our website. They allow us to recognise and count the number of visitors and to see how visitors move around our websites when they are using it. This helps us to improve the way our websites work, for example, by ensuring that users are finding what they are looking for easily. These cookies are sometimes placed by third party providers of web traffic analysis services, such as Google Analytics.
. These cookies remember choices you make and are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- “ ” is used to prevent users from having to re-enter login details after navigating away and back to the page.
- “ ” is used to speed up display of proxied pages.
As noted earlier, we employ Google Analytics. For information on how Google processes and collects your information and how you can opt-out, please see here .
This section applies to users of the Cloud Services. If you only use our public website, this section does not apply to you. StarLeaf Cloud Services are an Internet-based communication platform designed to enable business users to communicate using messaging, video or voice calls. In this privacy notice, the word “Portal” means a secure website of the service configured to permit authorized users view, add, remove and manage users. The person adding you for the first time to an organisation will provide certain information about you for provisioning, such as your name, company name, work email address and work telephone number. Using this information, we will provide you with a user ID (an email address) and account activation email to access the Service.
Wherever possible, the media associated with all StarLeaf originating or terminating audio and video communications (“calls”) is encrypted, and cannot be accessed by any StarLeaf employees or partners or resellers. Calls are not monitored or recorded, except for videomail and voicemail messages, and calls which are explicitly recorded and saved by our customers using StarLeaf’s recording services products. Videomail and voicemail messages cannot routinely be accessed by StarLeaf employees. Recordings saved using StarLeaf’s Recording Services products cannot, under any circumstances, be accessed by StarLeaf employees. Where you have given us your consent, we may monitor calls in order to investigate bugs and service issues. Call records will not be made available to anyone outside of StarLeaf, without the prior consent of the organisation whose StarLeaf Cloud Services account was used to originate the calls. StarLeaf may de-identify or depersonalize data into anonymized and aggregate data that it derives from Customers (“Anonymous Data”). Anonymous Data means data that includes no personal data or unique identifiers that could later be used to refer to the personal data to which the data was once associated. StarLeaf uses only anonymous data in performing analyses, and may disclose anonymous data to its customers who have requested such analyses and to third parties where we are contractually entitled to do so.
From time to time, StarLeaf provides Cloud Services to healthcare providers, and serves as a “Business Associate” (as that term is defined pursuant to the HIPAA Privacy Rule per 45 CFR 160.103) to such providers in relation to the handling of electronic protected health information (“ePHI”).
StarLeaf respects your right to privacy and we do not use or share your personal information in any other way beyond what has been written in this privacy notice. For instance, we do not sell your information to anyone, including but not limited to third parties for their own marketing use.
As a data processor, StarLeaf is acting under the instructions of the data controller, and may share your data with the controller in support of your service. The controller has administrative access to the StarLeaf portal, and may access call detail records for the purpose of troubleshooting, diagnostics, capacity management, billing and reporting. It should be noted that the content of your video meetings is not shared with anyone, and this capability does not exist in the administrative portal.
We may also share your data with our subprocessors who facilitate the delivery of your service, which could include G-Suite, MailChimp, Freshdesk, Salesforce, Pardot, Plivo, Twilio, and Sendgrid. For each entity, a data processing agreement exists between StarLeaf and the subprocessor, with matching flow-down terms outlining sufficient guarantees of technical safeguards for the protection of personal information.
We will inform you or your data controller if we are required to share your information under any of the following circumstances: (i) to the extent that we are required to do so by applicable law, by a governmental body or by a law enforcement agency, or for crime prevention purposes; (ii) in connection with any legal proceedings (including prospective legal proceedings); (iii) in order to establish or defend our legal rights; (iv) in the event that we buy or sell any business or assets, in which case we may disclose your personal data to the prospective sellers or buyer of such business or assets; or (v) if a third party acquires all (or substantially all) of our business and/or assets, we may disclose your personal information to that third party in connection with the acquisition.
In servicing your subscription, we may transfer personal information that we collect to third parties located in countries that are outside of the European Economic Area (including to the following countries: Australia, Japan and the USA) or to members of our group of companies in the USA in connection with the above purposes. We will not do this without ensuring (a) a proper data processing agreement is in place per articles 28-36 of Regulation EU 2016/679), as well as (b) Standard Contractual Clauses where the European Commission has made a ruling of inadequate safeguards.
At StarLeaf, we have security teams actively working to keep your information protected, reviewing our security posture and improving our shield from unauthorized access, accidental loss, disclosure or destruction. Toward this, we employ physical, technical, administrative, and organisational safeguards to protect the personal information we collect and process. Administrative and organisational policies and procedures are documented in the StarLeaf Information Security Management System (ISMS) where appropriate controls are designed to maintain an adequate level of data confidentiality, integrity and availability. We also test the StarLeaf continuity of operations plan supporting our services, including the core infrastructure and networking components distributed throughout our global data centers.
Third-party auditing is performed by an independent security and compliance firm, ensuring administrative, physical, technical and organisational measures meet compliance requirements. Attestations of compliance are made available independently, along with risk management and technical vulnerability management evidence of practice.
Guiding principles: At StarLeaf, we maintain the following guiding principles for security and compliance:
- StarLeaf strives—with security by design—to protect the confidentiality, integrity, and availability of its information assets and those of its clients.
- StarLeaf complies with all applicable privacy and data protection laws.
- StarLeaf balances the need for business efficiency with the requirement to protect sensitive, proprietary, or other confidential information from undue risk.
- StarLeaf extends the least level of privilege to its associates to perform work functions, and restricts access to sensitive, proprietary and confidential information.
- StarLeaf provides security and compliance training to its employees, recognizing the best line of defense starts with informed and educated personnel.
With StarLeaf, you have the following rights:
- The right to ask us to provide you with copies of personal information that we hold about you at any time, subject to a fee specified by law.
- The right to ask us to update and correct any out-of-date or incorrect personal information that we hold about you free of charge.
- The right to opt out of any marketing communications that we (or any third party to whom we have disclosed your personal information with your consent) may send you.
If you wish to exercise any of the above rights, please contact us at the address specified below.
As our services evolve, this privacy notice may change, or other privacy notices may be written and posted specific to new offerings or to keep pace with data privacy laws. When changes are substantial, we will endeavour to make you aware of any forthcoming changes by attempting to contact you via our user interfaces, portals, or through your partner or reseller. If you have questions or comments on a future privacy notice, you may write us at firstname.lastname@example.org.
If you have any questions about how we collect, store and use personal information, or if you have any other privacy-related questions, please contact us by email at email@example.com.