Last Updated: May 15, 2023
1. Notice at Collection of Personal Information
Definition of Personal Information
We collect, process, store and share information that identifies, relates to or could reasonably be linked, directly or indirectly, with a particular individual or household (“personal information”). Personal information does not include information publicly available from government records, or which is not personal, like anonymous, deidentified or aggregated data (even if it originally comes from personal information).
Categories of Personal Information We Collect
Depending on your relationship with us, we may collect, process and store, and share with third parties, the following categories of personal information:
- Contact information, such as full name, home or work address, email address and phone number
- Professional or employment-related information, such as your job title, employer information and work history
- Financial information, including bank account, wire transfer and credit card information
- Commercial information, such as the billing details we use to bill you for our services, your billing and payment history, products or services you purchased, obtained or considered, or other of your purchasing histories or tendencies
- Internet and device identifiers, activity and analytics, such as information we automatically collect through cookies and similar technologies used on our website and in our SaaS Services, including user activity, a user’s browser, operating system and device information and IP address
- Approximate geolocation when you are using our website or SaaS Services
- Preference information, including preferences related to marketing, privacy, communications and participation in our events
- Inferences drawn from any of the personal information listed in this section; for example, to create a profile of an individual’s preferences and characteristics
- Other information you choose to provide to us
Our Business Purposes for Collecting and Sharing Personal Information
We collect, process, store and/or share all of the categories of personal information identified above (unless a limited subset of categories is indicated) for our following business purposes, our legitimate interests and the legitimate interests of third parties to:
- Provide and improve our services, including to provide the Saas Services to our enterprise clients (“Enterprise Clients”) and other users; to interact with users of our Saas Services and other services; improve or customize our SaaS Services and other services; develop new services or products; analyze and monitor usage, trends or other activities related to our services; respond to requests and inquiries from, or otherwise communicate with, Enterprise Clients, users and third parties
- Support our business operations, for example, we process and share personal information to bill and collect payment for our services, prepare and file tax forms and other documents, detect and prevent fraud and administer and protect our systems and website; and we process, store or share personal information in connection with our use of hosting, technology and communication providers and other vendors that support our business operations
- Market our services, for example, we use limited categories of personal information (contact information, professional information, internet and device information, preference information and inferences) to send you marketing communications or to invite or host you at our offices or events
- Improve our website user experience, for example, we use limited categories of personal information (contact information, professional information, internet and device information, preference information and inferences) in order to troubleshoot, test, conduct data analysis, update and otherwise improve our website
- Deidentify personal information, including aggregating and anonymizing personal information so that it is no longer personal information
- Meet legal and compliance requirements, including to perform audits, monitoring and reporting; support information security and anti-fraud operations; investigate and respond to disputes; exercise and defend legal claims; protect the rights, property or safety of Enterprise Clients, you, us or a third party; respond to legal process (including subpoenas) and governmental, court or law enforcement requests, investigations or orders; and comply with and enforce applicable laws, regulations, policies, procedures and agreements
- Evaluate or conduct business changes, including a merger, acquisition, sale, equity or debt financing, bankruptcy or other transaction in which a third party invests in or acquires control of our business or assets (in whole or in part)
We do not collect or process personal information for the purposes of automated decision-making or profiling (meaning the automatic processing of your personal information to identify your preferences and interests).
Under the laws of some jurisdictions, we must be able to describe the legal bases on which we rely to process personal information. We primarily rely on the legitimate interests, described above, to process personal information when not overridden by an individual’s data protection interests or fundamental rights and freedoms. Other legal bases for our processing of personal information include when the processing is necessary to perform a contract with you, we have a legal obligation to process the personal information or we have your consent to process the personal information.
Categories of Parties Whom We Share Your Personal Information
We share personal information with the following categories of third parties:
- Our vendors who provide us with services and products that help us provide services or operate our business, including hosting, technology and communication providers; cyber security and other security providers; mailing, marketing and event management providers; our attorneys, advisors, auditors and accountants; and our analytics providers
- Parties for marketing purposes, we may share the following categories of personal information with third parties for our or their direct marketing purposes: contact information, professional or employment-related information (for example, job title and employer) and preference information
- Parties for legal purposes, including governmental authorities, law enforcement, courts or other third parties in connection with any of the activities set forth in the bullet beginning with “Meet legal and compliance requirements” in the section above called, Our Business Purposes for Collecting and Sharing Personal Information
- Parties for business changes, for example, personal information that we collect may be shared with or transferred to a third party if we consider or undergo a merger, acquisition, sale, equity or debt financing, bankruptcy or other transaction in which a third party invests in, finances or acquires control of our business or assets (in whole or in part)
We Do Not Sell or Share Your Personal Information for Targeted Advertising
We do not share personal information with third parties for cross-contextual behavioral advertising or targeted advertising.
Retention of Personal Information
We retain personal information for as long as we deem to be necessary or advisable for our business purposes described in the above section called, Our Business Purposes for Collecting and Sharing Personal Information (such as providing services to you or Enterprise Clients). This may include keeping your personal information after you have stopped using our services; for example, we may retain your personal information to market our services to you (unless you opt-out), comply with legal obligations or resolve disputes or collect fees owed.
Sources of Personal Information
We collect personal information from the following categories of sources:
- Directly from you, such as when you use our services or when you communicate or interact with us in any way, including mail, email, phone, chat, QR code or social media
- Indirectly from you, for example, we collect cookie data and other information from your device, browser or activity on our website or in our SaaS Services
- From third parties or public sources, for example, from our analytics providers and social media pages
Generally, you are not under a statutory or contractual obligation to provide personal information to us. However, if you do not provide the personal information required for us to provide certain services, verify your identity or process transactions, we may be unable to offer services or otherwise conduct business with you.
Personal Information of Others You Share with Us
You may not disclose the personal information of another individual to us unless you have their prior written consent or are otherwise authorized under applicable law to share their information with us. To the extent that you provide another individual’s personal information to us or we collect another individual’s personal information on your behalf, you acknowledge and agree that you are responsible for compliance with all applicable laws concerning such personal information, including:
- providing all applicable notices
- receiving the proper authority or consent to allow us to collect, store, process and share such personal information
- responding to data subject requests
Protected Health Information
We do not collect or process Protected Health Information (“PHI”) as that term is defined under the Health Insurance Portability and Accountability Act of 1996, as amended, and any and all rules and regulations promulgated from time to time thereunder (“HIPAA”). You are prohibited from providing or making PHI available to us, including uploading to, making available on, or transmitted PHI via our website or SaaS Services.
Personal Information of Children
We do not collect any personal information directly from children under 16 years of age. As a parent or guardian, you may provide or make available personal information of your children to us, and, by doing so, you agree and consent to our collection and use of your children’s personal information.
If you are a child under the age of 16, please do not attempt to use our website or services or send us any personal information. If we learn we have collected personal information directly from a child under 16 years of age, we will delete that data as quickly as possible. If you believe that a child under 16 years of age may have provided personal information to us, please contact us at email@example.com.
To our knowledge, we do not sell, or share for cross-contextual behavioral advertising or targeted advertising purposes, the personal information of children under the age of 16.
3. Your Privacy Rights and Choices
Notice of Your Personal Information Rights
With respect to personal information that we control, subject to exemptions and limitations provided by applicable law, if you are an individual you have the right to:
- Know or access – request that we disclose certain information to you about our collection and use of your personal information:
- Whether or not we are processing your personal information
- The categories of your personal information we have collected
- The categories of sources for your personal information we have collected
- Our business purposes for collecting or sharing that personal information
- The categories of third parties with whom we shared your personal information, identifying the personal information categories that each category of recipient obtained and the purposes for sharing your personal information
- The types of personal information we shared with third parties for third parties’ direct marketing purposes and the identities of such third parties
- The specific pieces of personal information we collected about you and access to that personal information
- Data portability – request a copy of the personal information you provided to us in a portable, and, if feasible, readily usable format to be transferred to you or a third party
- Deletion – request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions under applicable privacy law
- Correction – request that we correct inaccurate or complete incomplete personal information
- Limit use of sensitive information – request that we limit the use or disclosure of your sensitive personal information to just those actions necessary to perform specific purposes outlined by law
- We do not use or disclose sensitive personal information (for example, government identifying numbers, complete account credentials, racial or ethnic origin, religious or philosophical beliefs, union membership, content of mail, email and text messages not directed at us, genetic data or health, sex life or sexual orientation information) for purposes other than purposes that would continue to be allowable after the receipt of a limitation request, including to provide services to you
- Third-party marketing opt out – direct us to not share your personal data with third parties for third parties’ direct marketing purposes
- Object to processing – object to our processing of your personal information based on legitimate interests or for direct marketing purposes
- Restriction of processing – request that we restrict or suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to delete it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it
- Withdraw your consent to the processing of your personal information if our processing is based on your consent (without affecting the lawfulness of any processing prior to your withdrawal of consent)
- Non-discrimination – be free from unlawful discrimination for exercising your rights under applicable privacy law
Generally, we are the processor or service provider with respect to personal information obtained from or on behalf of our corporate Enterprise Clients. Please make any privacy requests directly to our corporate Enterprise Clients or third parties with respect to personal information in their control.
How to Exercise Your Personal Information Rights
To exercise the rights described above, you or your Authorized Agent (defined below) must send us a written request (via the method described below) that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected personal information, and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may ask for information to verify your identity, such as name, phone number, email and address. We will only use personal information provided in a Valid Request to verify your identity and complete your request. You do not need an account to submit a Valid Request.
We will work to respond to your Valid Request promptly within the timeframes required by applicable privacy law (usually between 15 to 45 days depending on the type of Valid Request, with the right for us to extend the response time as necessary). We will not charge you a fee for making a Valid Request unless your Valid Request is excessive, repetitive or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.
You may submit a Valid Request using the following method:
- Send an email to: firstname.lastname@example.org
You may also authorize an agent (an “Authorized Agent“) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf.
In some instances, we may not be able to honor your request. For example, we may not honor your request if we cannot verify your identity or if we cannot verify that you have the authority to make a request on behalf of another individual. We may not honor your request if we are not the controller of your personal information (for example, when our Enterprise Client is the controller and we are the processor or service provider for our Enterprise Client). Additionally, we may not honor your request where not required to do so under applicable privacy laws. For example, we may deny a deletion request if the information is necessary for us to provide our services to you or comply with our legal obligations. We may deny certain right to know requests made more than twice in a 12-month period or for information collected and disclosed more than 12 months ago. We will advise you in our response if we are not able to honor your request.
You have the right to appeal our decision to not honor your request or our refusal to take action on a request within a reasonable period of time by contacting us at the email listed above and clearly stating that the purpose of the contact is an “appeal of privacy rights.” Within 45 days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.
The Right to Lodge a Complaint with a Supervisory Authority (EU, EEA and UK)
Subject to applicable privacy law, should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you have the right to lodge a complaint with your local data protection authority and/or competent supervisory authority. If you work or reside in a country that is a member of the European Union or that is in the European Economic Area, you may find the contact details for your appropriate data protection authority on this website: https://edpb.europa.eu/about-edpb/about-edpb/members_en. If you are a resident of the United Kingdom you may contact the UK supervisory authority, the Information Commissioner’s Office here: https://ico.org.uk/make-a-complaint/data-protection-complaints/data-protection-complaints/.
Do Not Track
“Do Not Track” is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. Our website is not currently configured to respond to Do Not Track signals or other mechanisms that provide users the ability to exercise choice regarding the collection of personal information about a user’s online activities over time and across third-party websites or online services.
Disable or Delete Cookies and Tracking Technology; Third-Party Cookies
Disable or Delete Cookies from Your Browser or Device
You can decide whether or not to accept certain cookies through your internet browser’s settings. Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new cookie in a variety of ways. To explore what cookie settings are available to you, look in the “preferences” or “options” section of your browser’s menu.
You can also delete all cookies that are already on your device. If you do this, however, you may have to manually adjust some preferences every time you visit our website and some of the website and functionalities may not work.
Third-Party Cookies and Resources to Opt-Out of Cookies and Targeted Advertising
We use the following third-party cookies (and may use others):
- Google Analytics
- Google collects the following data: https://support.google.com/analytics/answer/11593727?hl=en
- If you do not wish for Google Analytics to gather information about how you interact with our website, please install the Google Analytics Opt-out Browser Add-on available here: https://tools.google.com/dlpage/gaoptout and employ it at the start of each session on our website. A cookie will be set on your browser that instructs this technology not to start for that session. Please note that the next time you access our website the analytics will be reactivated, so you will have to disable the technology each time.
- You have the option to manage Google’s personalized ads by visiting the Google advertising center at https://myadcenter.google.com/?ref=privacy-policy.
To make choices about targeted advertisements from participating third parties, including to opt-out of receiving targeted advertisements from participating third parties, please visit the Network Advertising Initiative at http://www.networkadvertising.org/choices/ or the Digital Advertising Alliance at www.aboutads.info/choices.
To find out more information about cookies, including information about how to manage and delete cookies, please visit http://www.allaboutcookies.org/.
5. Our Uses of Personal Information in the Last 12 Months
In the last 12 months, we have collected all of the categories of personal information in the above section called, Categories of Personal Information We Collect for our business purposes described in the above section called, Our Business Purposes for Collecting and Sharing Personal Information.
With respect to personal information in our control, we have disclosed the following categories of personal information to our affiliates, our vendors and third parties for marketing purposes for our and third parties’ direct marketing purposes in the last 12 months:
- Identifiers, for example, real name, alias, postal address and email address
- Personal Information under Ca. Civ. Code § 1798.80(e), for example, name, address, phone number and employment (employer and job title)
- Professional or employment-related information, for example, employer and job title
We have not sold personal information or shared personal information for cross-contextual behavioral advertising (or targeted advertising) in the last 12 months.
6. Data Security and Processing
Security of Personal Information
We will maintain reasonable technical and organizational safeguards for the protection of the security and confidentiality of personal information from unauthorized access, use, disclosure or transfer. Despite our efforts to ensure security, we cannot guarantee or warrant that personal information will not be accessed, acquired, disclosed for an improper purpose, altered or destroyed by an unauthorized person or as a result of a breach of our security safeguards or those of our hosting provider or other vendors or service providers. We cannot ensure the security of any data transmitted to us over the internet. To the fullest extent permitted by applicable law, we accept no liability for any unintentional disclosure by us of personal information. Therefore, we urge you to take adequate precautions to protect personal information as well, including, without limitation, never sharing your account username or password.
International Transfer, Storage and Processing
8. Contact; Disability Access
· Address: 325 Chestnut Street, Suite 800, Philadelphia, PA, 19106
· Phone: (844) OXY-DIAL
· Email: email@example.com
· Email: firstname.lastname@example.org