Privacy Policy | IOOGO

Privacy Policy

IOOGO Inc. – Commitment to Protecting Customer Data

Published as of January 1, 2020

IOOGO INC. (“IOOGO”, “we”, “our”, or “us”) protects taxpayer data by adhering to internal technical standards and requirements in compliance with the Federal Trade Commission’s (“FTC”) Safeguards Rule. This document is intended to outline our policies regarding data safeguards and the different methods by which we protect taxpayer data (this “Security Policy”). This Security Policy forms a part of, and is incorporated into the Terms and Conditions (found here: www.ioogo.com/terms-of-use/). The processes, measures, standards, and safeguards described herein are designed to respond to, and incorporate, certain publications by the FTC, Internal Revenue Service (“IRS”) and National Institute of Standards and Technology (“NIST”). Because of the sensitivity surrounding taxpayer data (much of which is considered Personally Identifiable Information “PII”), this Security Policy is designed to be more robust than the typical privacy policy.

 

I. Overview and Purpose:
The purpose of this Security Policy is to have certain policies in place to safeguard taxpayer or client data, and to ultimately protect against tax-related identity theft.  In order to stay up to date and to keep this Security Policy responsive to the latest cybersecurity threats, we have designated our Chief Operating Officer to periodically review the standards contained herein.  Our Chief Operating Officer will also evaluate the effectiveness of the safeguards in place for controlling risks to taxpayer data, and revise this policy as necessary.

II. Risk Identification and Assessment:
Although we are a small business, our clients entrust us with extremely sensitive information.  The main risk to our business as tax preparers is the unintentional misuse of taxpayer data and identity fraud.  When evaluating service providers, we ensure that any contract with said service provider will include a covenant requiring the service provider to maintain proper data safeguards and oversee any customer information that such service provider may come into contact with, in compliance with the Safeguards Rule.

III. Commitment to Continuing Compliance:
As mentioned in Section I, we will regularly evaluate and adjust this Security Policy and related safeguards, on a continuous basis and in regular intervals.  Certain extraordinary events, such as material changes in our business or our operations, may be a cause of redrafting of the Security Policy to reflect any such change.  We view our commitment to security as ongoing, and this Security Policy will be updated as such.

 

IV. Security and Privacy Standards for e-Filers
In accordance with the security and privacy standards laid out in IRS Publication 1345, IOOGO has in place the following standards and procedures (as of the date of publication of this Security Policy, January 1, 2020):

 

  1. Extended Validation SSL Certificate;
  2. External Vulnerability Scan;
  3. Information Privacy and Safeguard Policies (this Security Policy);
  4. Website Challenge-Response Test;
  5. Public Domain Name Registration; and
  6. Reporting of Security Incidents.

 

V. Workplace Safeguards and Standards:
In addition to our commitment to protect taxpayer data on the back end, we also have measures in place to ensure that our employees understanding how to properly handle sensitive client data. Specifically:

 

(a) Employees:

(b) Information Systems:

(c) Detecting and Managing System Failures:

 

VI. General Terms:

(a) Information We Collect:

We collect “Non-Personal Information” and PII.  Non-Personal Information includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks. We collect information related to your business for the purpose of carrying out the Services.

 

    1. Information collected via technology. In an effort to improve the quality of the Services, we track information provided to us by your browser or by our software application when you view or use the Services, such as the website you came from (known as the “referring URL”), the type of browser you use, the device from which you connected to the Services, the time and date of access, and other information that does not personally identify you. We track this information using cookies, or small text files which include an anonymous unique identifier.  Cookies are sent to a user’s browser from our servers and are stored on the user’s computer hard drive.  Sending a cookie to a user’s browser enables us to collect Non-Personal Information about that user and keep a record of the user’s preferences when utilizing our Services, both on an individual and aggregate basis. We may use both persistent and session cookies; persistent cookies remain on your computer after you close your session and until you delete them, while session cookies expire when you close your browser.

 

  1. Information you provide us by registering for an account. In addition to the information provided automatically by your browser when you visit the Site, to become a customer to the Service you will need to create a personal profile. You can create a profile by registering with the Service and entering your full name, phone number, email address, referral source, mailing address and creating a user name and a password.  By registering, you are authorizing us to collect, store and use your email address in accordance with this Privacy Policy.

 

(b) How We Use and Share Information:

    1. PII. Except as otherwise stated in this Privacy Policy, we do not sell, trade, rent or otherwise share for marketing purposes your PII with third parties without your consent. We may share PII with vendors who are performing services for the Company, such as for third party integrations. Those vendors use your PII only at our direction and in accordance with our Privacy Policy. In general, the PII you provide to us is used to help us communicate with you.  For example, we use PII to contact users in response to questions, solicit feedback from users, provide technical support, and inform users about promotional offers. We may send you offers and information related to our Services from which you may opt out via the unsubscribe function in the email. We may also send you important account related information, from which you cannot opt out.

Non-Personal Information.

  1. In general, we use Non-Personal Information to help us improve the Services and customize the user experience. We also aggregate Non-Personal Information in order to track trends and analyze use patterns on the Site. This Privacy Policy does not limit in any way our use or disclosure of Non-Personal Information and we reserve the right to use and disclose such Non-Personal Information to our partners, advertisers and other third parties at our discretion. In the event we undergo a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, your PII may be among the assets transferred. You acknowledge and consent that such transfers may occur and are permitted by this Privacy Policy, and that any acquirer of our assets may continue to process your PII as set forth in this Privacy Policy.  If our information practices change at any time in the future, we will post the policy changes to the Site so that you may opt out of the new information practices.  We suggest that you check the Site periodically if you are concerned about how your information is used.

 

(c) How We Protect Information

We implement security measures designed to protect your information from unauthorized access.  Your account is protected by your account password and we urge you to take steps to keep your personal information safe by not disclosing your password and by logging out of your account after each use. We further protect your information from potential security breaches by implementing certain technological security measures including encryption, firewalls and secure socket layer technology.  However, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software.  By using our Services, you acknowledge that you understand and agree to assume these risks.

 

(d) Your Rights Regarding the Use of Your PII

You have the right at any time to prevent us from contacting you for marketing purposes.  When we send a promotional communication to a user, the user can opt out of further promotional communications by following the unsubscribe instructions provided in each promotional e-mail. Please note that notwithstanding the promotional preferences you indicate by either unsubscribing or opting out in the Settings section of the Site, we may continue to send you administrative emails including, for example, periodic updates to our Privacy Policy, or other important account information.

 

(e) Customer Data

“Customer Data” means all information processed or stored on the Service by you or on your behalf, as well as any information derived from such information. So, Customer Data includes, without limitation:

(i) information provided on the Service;
(ii) information provided to us by you regarding others or by other third parties; and
(iii) PII from such persons.

 

Unless we receive your prior written consent, we will not:

(i) access, process, or otherwise use Customer Data other than as necessary to facilitate the Services;
(ii) give any of our employees access to Customer Data except to the extent that such individual needs access to facilitate the Services; and
(iii) give any third party access to Customer Data.

 

Notwithstanding the foregoing, we may disclose Customer Data as required by applicable law or by proper legal or governmental authority. We will give you prompt notice of any such legal or governmental demand and reasonably cooperate with you in any effort to seek a protective order or otherwise to contest such required disclosure, at your expense.

 

You possess and retain all right, title, and interest in and to Customer Data, and our use and possession thereof is solely on your behalf.

 

(f) Links to Other Websites

As part of the Services, we may provide links to or compatibility with other websites or applications. However, we are not responsible for the privacy practices employed by those websites or the information or content they contain. This Privacy Policy applies solely to information collected by us through the Site and the Service.

Therefore, this Privacy Policy does not apply to your use of a third party website accessed by selecting a link on our Site or via our Services. To the extent that you access or use the Service through or on another website or application, then the privacy policy of that other website or application will apply to your access or use of that site or application. We encourage our users to read the privacy statements of other websites before proceeding to use them.

 

VII. Additional Information for Users from California:

Since 2005, California Civil Code Section 1798.83 permits our customers who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. We do not share our customer’s personal information with unaffiliated third parties for their own direct marketing purposes.

 

Since January 1, 2015, California Business and Professions Code Section 22581 permits you, if you are a California resident under the age of 18, to view, correct, or remove information provided by you or publicly posted by you, by accessing your Downpour account through or another product or service as applicable and editing/removing your personal information. You will need your password to access your personal account. You may also send us an email asking us to remove certain posted content using the address in the Contact Us section below. In the alternative, you may write to us using the address in the Contact Us section below.

 

We will be happy to review, update or remove information and/or content as appropriate. Residual copies of information and/or content that have been removed from your account and/or the Site may remain in our backup systems for approximately one month. We may still retain your information to resolve disputes, enforce our user agreement, or comply with legal requirements; in this case, your personal information will be blocked from use for any other purpose.

 

California Business and Professions Code Section 22575(b) (as amended effective January 1, 2014) permits our customers who are California residents to be informed as to how we respond to web browser “Do Not Track” settings. As Do Not Track is a standard that is currently being developed, we do not take actions to respond to Do Not Track settings, and instead we adhere to the standards set out in this Privacy Policy.  If you would like to find out more about Do Not Track you may find the following link useful: http://www.allaboutdnt.com/.

VIII. Additional Information for Users from the European Economic Area

We only process your personal information where we can rely on legal grounds to do so. We process your personal information for the performance of our Services, to provide or support of our products, or for any other feature you request or enable. This includes, for example, using your personal information to administer your account, provide contests or promotions in which you have enrolled; support purchases you make, support game functionality, provide global customer service, or provide a fair gaming experience by using anti-fraud technologies such as bans or blocks of accounts.

 

We may ask for your consent to collect or use your personal information for specific purposes. This includes, for example, providing newsletters, direct e-mails, and surveys about our Properties and certain other marketing features.

 

We rely on several legitimate interests in using and sharing your personal information. These interests include: to provide you with requested customer service or technical support, to debug and improve our current and future Services, in order to give you exclusive content, personalize your online experience with us and contact you in accordance with applicable marketing preferences, exploring ways to develop and grow our operations, ensuring the safety and security of our Services, and for the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity.

 

We process your personal information for compliance with a legal obligation to which we are subject.

 

You may object to the processing of your personal information based on a legitimate interest on grounds relating to your particular situation. You may control the extent to which we market to you and you have the right to request that we stop sending you marketing messages at any time using the contract information listed above.

 

In certain circumstances, you can request that we transfer personal information that you have provided to us. You can send your request to us using the contact information listed above.

 

Where we rely on your consent in order to process your personal information, you have the right to withdraw such consent to further use of your personal information at any time.

 

IX. Disclosures to Users Outside the United States and the European Economic Area (EEA)

If you are a visitor to the Site or other online products and services from outside the U.S., the personal information you provide will be collected, processed and stored directly on, or transferred to, servers in the United States or other countries that may not have equivalent data protection laws to the country where you reside.

 

When we transfer your personal information outside the EEA we rely on appropriate or suitable safeguards recognized under applicable data protection laws.  For example, when we transfer personal information collected in the EU to locations outside the EEA, we rely on transfer mechanism adopted by the European Commission to help establish adequate safeguards, like Standard Contractual Clauses or consent of the individual to transfer personal information from the EEA to non-EEA countries. By using our Services, you expressly consent to such collection, transfer, and processing. We may also need to transfer your personal information to provide the Services to you in accordance with our existing agreements to you.

 

X. EEA-Specific Rights

If you are located in the EU, upon request, we will provide you with information about whether we hold any of your personal information along with any details required to be provided to you under applicable law.  In certain cases, you may also have a right to:

 

To submit a request, please contact us as set forth in the Contact Us section below.  We will respond to your request within a reasonable time.

 

You also have the right to withdraw your consent to our processing of your personal information, if our processing is solely based on your consent. You can do this by discontinuing use of the Services, including by closing all of your online accounts with us and contacting us as set forth in the Contact Us section below to request that your personal information be deleted.  If you withdraw your consent to the use or sharing of your personal information for the purposes set out in this Privacy Policy, you may not have access to all (or any) of the Services, and we might not be able to provide you all (or any) of the Services.

Please note that, in certain cases, we may continue to process your personal information after you have withdrawn consent and requested that we delete your personal information, if we have a legal basis to do so.  For example, we may retain certain information if we need to do so to comply with an independent legal obligation, or if it is necessary to do so to pursue our legitimate interest in keeping the Services secure.

 

If you have any complaints regarding our privacy practices, we ask that you reach out to [list email], as set forth in the Contact Us section below. You also have the right to submit a complaint with your national data protection authority (i.e., supervisory authority).

 

XI. Contact Us

If you have any questions regarding this Privacy Policy or the practices of this Site, please contact us by sending an email to support@ioogo.com.

 

Last updated: December 15, 2019