Effective date: March 1, 2019
When we refer to “Mundo Pato”, we mean the Mundo Pato Inc. entity that acts as the controller or processor of your information.
Information We Collect And Receive
Mundo Pato may collect and receive Client Data and other information and data (“Other Information”) in a variety of ways:
Client Data. Clients or individuals granted access to a Service by a Client (“Authorized Users”) routinely submit Client Data to Mundo Pato databases when using the Services.
Other Information. Mundo Pato also collects, generates and/or receives Other Information:
I. Service and Account Information. To create or update a Service account, you or your Client (e.g., your employer) supply Mundo Pato with an email address, phone number, password, domain and/or similar account details. In addition, Clients that purchase a paid version of the Services provide Mundo Pato (or its payment processors) with billing details such as credit card information, banking information and/or a billing address.
II. Usage Information.
Services Metadata. When an Authorized User interacts with the Services, metadata is generated that provides additional context about the way Authorized Users are performing tasks. For example, Mundo Pato logs the Services used, programs executed, session notes, etc., channels, people, features, content and links you interact with, the types of files shared and what Third Party Services are used (if any).
Log data. As with most websites and technology services delivered over the Internet, our servers automatically collect information when you access or use our Websites or Services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Website or Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data.
Device information. Mundo Pato collects information about devices accessing the Services, including type of device, what operating system is used and application IDs. Whether we collect some or all of this Other Information often depends on the type of device used and its settings.
Location information. We receive information from you, your Client and other third-parties that helps us approximate your location. We may, for example, use a business address submitted by your employer, or an IP address received from your browser or device to determine approximate location.
IV. Third Party Services. Client can choose to permit or restrict Third Party Services for their Service. Typically, Third Party Services are software that integrate with our Services, and Client can permit its Authorized Users to enable and disable these integrations for their Service. Once enabled, the provider of a Third Party Service may share certain information with Mundo Pato . For example, if a cloud storage application is enabled to permit files to be imported to a Service, we may receive user name and email address of Authorized Users, along with additional information that the application has elected to make available to Mundo Pato to facilitate the integration. When a Third Party Service is enabled, Mundo Pato is authorized to connect and access Other Information made available to Mundo Pato in accordance with our agreement with the Third Party Provider. We do not, however, receive or store passwords for any of these Third Party Services when connecting them to the Services.
V. Third Party Data. Mundo Pato may receive data about organizations, industries, Website visitors, marketing campaigns and other matters related to our business from parent corporation(s), affiliates and subsidiaries, our partners or others that we use to make our own information better or more useful. This data may be combined with Other Information we collect and might include aggregate level data, such as which IP addresses correspond to zip codes or countries. Or it might be more specific: for example, how well an online marketing or email campaign performed.
VI. Additional Information Provided to Mundo Pato . We receive Other Information when submitted to our Websites or if you participate in a focus group, contest, activity or event, apply for a job, request support, interact with our social media accounts or otherwise communicate with Mundo Pato Inc..
Generally, no one is under a statutory or contractual obligation to provide any Client Data or Other Information (collectively, “Information”). However, certain Information is collected automatically and, if some Information, such as Service setup details, is not provided, we may be unable to provide the Services.
How We Use Information
Client Data will be used by Mundo Pato in accordance with Client’s instructions, including any applicable terms in the Client Agreement and Client’s use of Services functionality, and as required by applicable law. Mundo Pato is a processor of Client Data and Client is the controller. Client may, for example, use the Services to grant and remove access to a Service, assign roles and configure settings, access, modify, export, share and remove Client Data and otherwise apply its policies to the Services.
Mundo Pato uses Other Information in furtherance of our legitimate interests in operating our Services, Websites and business. More specifically, Mundo Pato uses Other Information:
To provide, update, maintain and protect our Services, Websites and business. This includes use of Other Information to support delivery of the Services under a Client Agreement, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities or at an Authorized User’s request.
As required by applicable law, legal process or regulation.
To communicate with you by responding to your requests, comments and questions. If you contact us, we may use your Other Information to respond.
To develop and provide search, learning and productivity tools and additional features. Mundo Pato tries to make the Services as useful as possible for specific Services and Authorized Users. For example, we may improve search functionality by using Other Information to help determine and rank the relevance of content, channels or expertise to an Authorized User, make Services suggestions based on historical use and predictive models, identify organizational trends and insights, to customize a Services experience or create new productivity features and products.
To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as emails about new product features, security and fraud notices. These communications are considered part of the Services and you may not opt out of them. In addition, we sometimes send emails about promotional communications or other news about Mundo Pato. These are marketing messages so you may control whether you receive them. • For billing, account management and other administrative matters. Mundo Pato may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments.
To investigate and help prevent security issues and abuse.
How We Share And Disclose Information
This section describes how Mundo Pato may share and disclose Information. Clients determine their own policies and practices for the sharing and disclosure of Information, and Mundo Pato does not control how they or any other third parties choose to share or disclose Information.
Client’s Instructions. Mundo Pato will solely share and disclose Client Data in accordance with a Client’s instructions, including any applicable terms in the Client Agreement and Client’s use of Services functionality, and in compliance with applicable law and legal process.
Displaying the Services. When an Authorized User submits Other Information, it may be displayed to other Authorized Users in the same or connected Services. For example, an Authorized User’s email address may be displayed with their Service profile. Collaborating with Others. The Services provide different ways for Authorized Users working in independent Services to collaborate, such as shared programs and users. Other Information, such as an Authorized User’s profile Information, may be shared, subject to the policies and practices of the other Service(s).
Client Access. Owners, administrators, Authorized Users and other Client representatives and personnel may be able to access, modify or restrict access to Other Information. This may include, for example, your employer using Service features to export logs of Service activity, or accessing or modifying your profile details. • Third Party Service Providers and Partners. We may engage third party companies or individuals as service providers or business partners to process Other Information and support our business. These third parties may, for example, provide virtual computing and storage services.
Third Party Services. Client may enable or permit Authorized Users to enable Third Party Services. When enabled, Mundo Pato may share Other Information with Third Party Services. Third Party Services are not owned or controlled by Mundo Pato and third parties that have been granted access to Other Information may have their own policies and practices for its collection and use. Please check the privacy settings and notices in these Third Party Services or contact the provider for any questions.
During a Change to Mundo Pato ’s Business. If Mundo Pato engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Mundo Pato’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all Other Information may be shared or transferred, subject to standard confidentiality arrangements.
Aggregated or De-identified Data. We may disclose or use aggregated or de-identified Other Information for any purpose. For example, we may share aggregated or de-identified Other Information with prospects or partners for business or research purposes, such as telling a prospective Mundo Pato Client the average amount of time spent within a typical Service.
To Comply with Laws. If we receive a request for information, we may disclose Other Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property or safety of Mundo Pato or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
With Consent. Mundo Pato may share Other Information with third parties when we have consent to do so.
Mundo Pato takes security of data very seriously. Mundo Pato works hard to protect Other Information you provide from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Other Information we collect, process and store, and the current state of technology. Given the nature of communications and information processing technology, Mundo Pato cannot guarantee that Information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others.
To the extent prohibited by applicable law, Mundo Pato does not allow use of our Services and Websites by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will take steps to delete such information.
Data Compliance Officer
To communicate with our Compliance Officer, please email email@example.com.
Identifying The Data Controller And Processor
Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of information. In general, Client is the controller of Client Data. In general, Mundo Pato is the processor of Client Data and the controller of Other Information.
Individuals located in certain countries, including the European Economic Area, have certain statutory rights in relation to their personal data. Subject to any exemptions provided by law, you may have the right to request access to Information, as well as to seek to update, delete or correct this Information. You can usually do this using the settings and tools provided in your Services account. If you cannot use the settings and tools, contact Client for additional access and assistance: firstname.lastname@example.org.
To the extent that Mundo Pato ’s processing of your Personal Data is subject to the General Data Protection Regulation, GDPR, Mundo Pato relies on its legitimate interests, described above, to process your data.
Contacting Mundo Pato
Data Request Policy
Mundo Pato receives requests from users and government agencies to disclose data other than in the ordinary operation and provision of the Services. This Data Request Policy outlines Mundo Pato’s policies and procedures for responding to such requests for Client Data. Any capitalized terms used in this Data Request Policy that are not defined will have the meaning set forth in the Client Terms of Service. In the event of any inconsistency between the provisions of this Data Request Policy and the Client Terms of Service or written agreement with Client, as the case may be, the Client Terms of Service or written agreement will control.
Requests for Client Data by Individuals
Third parties seeking access to Client Data should contact the Client regarding such requests. The Client controls the Client Data and generally gets to decide what to do with all Client Data.
Requests for Client Data by Legal Authority
Except as expressly permitted by the Contract or in cases of emergency to avoid death or physical harm to individuals, Mundo Pato will only disclose Client Data in response to valid and binding compulsory legal process. Mundo Pato requires a search warrant issued by a court of competent jurisdiction (a federal court or a court of general criminal jurisdiction of a State authorized by the law of that State to issue search warrants) to disclose Client Data.
All requests by courts, government agencies, or parties involved in litigation for Client Data disclosures should be sent to email@example.com and include the following information: (a) the requesting party, (b) the relevant criminal or civil matter, and (c) a description of the specific Client Data being requested, including the relevant Client’s name and relevant Authorized User’s name (if applicable) and type of data sought.
Requests should be prepared and served in accordance with applicable law. All requests should be narrow and focused on the specific Client Data sought. All requests will be construed narrowly by Mundo Pato, so please do not submit unnecessarily broad requests. If legally permitted, Client will be responsible for any costs arising from Mundo Pato’s response to such requests.
Mundo Pato is committed to the importance of trust and transparency for the benefit of our Clients and does not voluntarily provide governments with access to any data about users for surveillance purposes.
Mundo Pato will notify Client before disclosing any of Client’s Client Data so that the Client may seek protection from such disclosure, unless Mundo Pato is prohibited from doing so or there is a clear indication of illegal conduct or risk of harm to people or property associated with the use of such Client Data. If Mundo Pato is legally prohibited from notifying Client prior to disclosure, Mundo Pato will take reasonable steps to notify Client of the demand after the nondisclosure requirement expires. In addition, if Mundo Pato receives a National Security Letter with an indefinite non-disclosure requirement, Mundo Pato will initiate procedures for judicial review.
Domestication and International Requests
Mundo Pato requires that any individual issuing legal process or legal information requests (e.g., discovery requests, warrants, or subpoenas) to Mundo Pato properly domesticate the process or request and serve Mundo Pato in a jurisdiction where it is resident or has a registered agent to accept service on its behalf. Mundo Pato does not accept legal process or requests directly from law enforcement entities outside the U.S. or Canada. Foreign law enforcement agencies should proceed through a Mutual Legal Assistance Treaty or other diplomatic or legal means to obtain data through a court where Mundo Pato is located.
We take the security of your data very seriously at Mundo Pato. As transparency is one of the principles on which our company is built, we aim to be as clear and open as we can about the way we handle security.
If you have additional questions regarding security, we are happy to answer them. Please write to firstname.lastname@example.org and we will respond as quickly as we can.
We place strict controls over our employees’ access to the data you and your users make available via the Mundo Pato services, as more specifically defined in your agreement with Mundo Pato covering the use of the Mundo Pato services ("Client Data"), and are committed to ensuring that Client Data is not seen by anyone who should not have access to it. The operation of the Mundo Pato services requires that some employees have access to the systems which store and process Client Data. For example, in order to diagnose a problem you are having with the Mundo Pato services, we may need to access your Client Data. These employees are prohibited from using these permissions to view Client Data unless it is necessary to do so. We have technical controls to ensure that any access to Client Data is logged.
All of our employees and contract personnel are bound to our policies regarding Client Data and we treat these issues as matters of the highest importance within our company.
Mundo Pato conducts background checks on all employees before employment, and employees receive privacy and security training during onboarding as well as on an ongoing basis. All employees are required to read and sign our comprehensive information security policy covering the security, availability, and confidentiality of the Mundo Pato services.
The following security-related audits and certifications are applicable to the Mundo Pato services:
PCI: Mundo Pato is a PCI Level 3 Merchant and has completed the Payment Card Industry Data Security Standard’s SAQ-A. We use a third party to process credit card information securely. Mundo Pato is not currently a PCI-certified Service Provider.
The environment that hosts the Mundo Pato services maintains multiple certifications for its data centers, including ISO 27001 compliance, FedRAMP authorization, PCI Certification, and SOC reports. For more information about their certification and compliance, please visit the AWS Security website, AWS Compliance website, Google Security website, and Google Compliance website.
Security Features for Team Members & Administrators
In addition to the work we do at the infrastructure level, we provide Team Administrators of paid versions of the Mundo Pato services with additional tools to enable their own users to protect their Client Data.
Detailed access logs are available both to users and administrators of paid teams. We log every time an account signs in, noting the type of device used and the IP address of the connection.
Team Administrators and owners of paid teams can review consolidated access logs for their whole team.
Single Sign On
Administrators of paid teams can integrate their Mundo Pato services instance with a variety of single-sign-on providers.
Deletion of Client Data
Mundo Pato provides the option for services Primary Owners to, delete Client Data at any time during a subscription term. Within 36 hours of workspace Primary Owner initiated deletion, Mundo Pato hard deletes all information from currently-running production systems (excluding team and channel names, and search terms embedded in URLs in web server access logs). Mundo Pato services backups are destroyed within 4 days.
Return of Client Data
Upon client termination of the agreement, client data can be exported, in standard formats, by the client. If there is a client request to export the data, Mundo Pato may export the data to a standard format.
Data Encryption In Transit and At Rest
The Mundo Pato services support the latest recommended secure cipher suites and protocols to encrypt all traffic in transit. Client Data is encrypted at rest.
We understand that you rely on the Mundo Pato services to work. We're committed to making Mundo Pato a highly-available service that you can count on. Our infrastructure runs on systems that are fault tolerant, for failures of individual servers or even entire data centers. Our operations team tests disaster-recovery measures regularly and staffs an around-the-clock on-call team to quickly resolve unexpected incidents.
Client Data is stored redundantly at multiple locations in our hosting provider’s data centers to ensure availability. We have well-tested backup and restoration procedures, which allow recovery from a major disaster. Client Data and our source code are automatically backed up nightly. The Operations team is alerted in case of a failure with this system. Backups are fully tested at least every 90 days to confirm that our processes and tools work as expected.
Firewalls are configured according to industry best practices and unnecessary ports are blocked by configuration with AWS Security Groups.
Mundo Pato maintains a centralized logging environment in its production environment which contains information pertaining to security, monitoring, availability, access, and other metrics about the Mundo Pato services. These logs are periodically analyzed for security events and overseeing by the CTO.
Incident Management & Response
In the event of a security breach, Mundo Pato will promptly notify you of any unauthorized access to your Client Data. Mundo Pato has incident management policies and procedures in place to handle such an event such as: Identify type of intrusion or security event, alert relevant internal departments, notify clients, take corrective action and execute a plan to prevent reoccurrence of the event or intrusion.
External Security Audits
We contract external security firms who perform audits of the Mundo Pato services to verify that our security practices are sound.