1. IMPORTANT INFORMATION AND WHO WE ARE.
This Website and our Services are not intended for persons under the age of 18, and we do not knowingly collect data relating to minors under such age. Insofar as Personal Data may be collected based on your consent, you must be above the age of 18. If these age requirements are not met, you are required to avoid using the Website and/or Services. Consistent with the requirements of applicable law, if we learn that we have received any information directly from a minor without such minor’s parent verified consent, we will use that information only to respond directly to that minor (or such minor’s parent or legal guardian) to inform the minor that he/she cannot use the Services, and subsequently will delete that information.
2. WHAT IS PERSONAL DATA?
When you interact with the Website, we will collect information that, alone or in combination with other information, could directly or indirectly be used to identify you (“Personal Data”), like when you request information, including a demo, ask to download content (such as white papers), register for a webcast or other event, apply to become a partner, apply for a job or subscribe to emailing lists.
Personal Data may include:
- “Identifiers” such as your real name, alias, postal address, unique personal identifier, photos, online identifier, Internet Protocol address, account name and other similar identifiers;
- “Contact Details” such as your name, address, email address, and telephone number;
- “Personal information” categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) (“Consumer Records”) such as a name, signature, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories;
- “Protected Classification Characteristics” under California or federal law, such as age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information);
- “Internet or other Similar Network Activity”, such as browsing history, search history, information on a consumer’s interaction with the Website, including chat information, browser type and settings, application, or advertisement;
- “Geolocation Data” such as physical location or movements;
- “Professional or Employment-Related Information”, such as current or past job history or performance evaluations;
- “Inferences Drawn from other Personal Information”, such as a profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes;
- Other information, such as an IP address; in certain US States, Personal Data may include your house-hold data and other items of information.
The term “Personal Data” shall also include and refer to similar terms in Applicable Data Protection Laws. “Sensitive Personal Data” means information of private nature, for example: your health and medical condition or your religious and political views; that requires additional safeguarding measures. This term shall include “Special Categories of Personal Data” (as defined in the GDPR), and any similar term in the Applicable Data Protection Laws.
3. THE CATEGORIES OF PERSONAL DATA WE COLLECT AND HOW WE COLLECT IT
We use different methods to collect data from and about you, including through:
- Direct interactions: You may provide us your Personal Data by speaking to us in person on-site at our premises or off-site; by filling in forms, by requesting information from us, by attending a conference in which we are participating, or by corresponding with us by post, phone, email or otherwise.
- Automated technologies or interactions: As you interact with our Website, we may automatically collect data about your equipment, browsing actions and patterns. We collect this Personal Data by using technologies of third party providers.
- Third party service providers: We may receive Personal Data such as Contact Details and Payment Information about you from various third parties, including from providers of technical, payment and delivery services.
Where we need to collect Personal Data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
In addition, when you provide us data, you are requested not to submit Sensitive Personal Data or Health Data through the “contact us” form on our Website.
4. HOW WE USE THE PERSONAL DATA AND WHAT ARE THE LEGAL BASES OF PROCESSING?
We collect and use your Personal Data for the following purposes and under the following legal bases:
- To provide the Services to you and respond to your requests: When you ask for information about the Services (for example, when you request a demo), ask to download content through the Website or apply to become a partner, receive a quote from us or place an order with us, we will use your contact information, including your phone number, to respond to your request by email, mail, phone, text message or other means directed to the contact information you have provided. For European Economic Area (“EEA”) data subjects (“EU data subjects“), such use is necessary to respond to or implement your request.
- For marketing purposes: We will use your email or mail address to send you information (as applicable) by email and post about our new products and services, upcoming events or other promotions. You may opt-out of receiving such emails by following the instructions contained in each promotional email we send you, or by contacting us at firstname.lastname@example.org. If you request a demo or download content from the Website, we may also use your phone number to contact you directly by phone, in connection with such new products and services, upcoming events or other promotions.
Where required by law (for example, if you are an EU data subject), we will only send you marketing information by email or mail, or contact you by phone, if you consent to us doing so at the time you provide us with your Personal Data. When you provide us with your consent to be contacted for marketing purposes, you have the right to withdraw your consent at any time by following the instructions to “opt-out” of receiving marketing communication in each marketing email we send you, as mentioned above. In addition, if at any time you do not wish to receive future marketing communications or wish to have your name deleted from our mailing or calling lists, please contact us at email@example.com. We will continue to contact you via email regarding the provision of our Services and to respond to your requests.
- To analyze, administer, support and improve the use of the Website: We use data relating to your use of the Website to analyze, administer, support and improve your access to and use of the Website functionalities. We may also compile, anonymize and/or aggregate your Personal Data and other data and use such anonymized and/or aggregated data for our business purposes, including sharing it with affiliates and business partners. For EU data subjects, this use of your Personal Data is necessary for our legitimate interests in understanding how the Website is being used by you and to improve your experience on it.
- To process applications for a job: When you apply for employment through our platforms, we will use your contact details and data about your employment history and education to conduct job interviews, evaluate your application, and as is otherwise needed for recruitment. For EU data subjects, this use is necessary to respond to your request to process your application for employment.
- To fulfill our legal and regulatory obligations: In order to fulfill our legal and regulatory obligations, we may take action to prevent, investigate and detect crime, fraud or anti-social behavior and prosecute offenders, including working with law enforcement agencies or the regulators).
- To exercise tasks under our legitimate interests: Such as: a) to enforce our terms and conditions; b) to handle customer contacts, queries and complaints or disputes; c) to protect our operations; d) to know who is on-site for security purposes and to check timings and attendance in relation to project works to protect our rights, privacy, safety of property, and that of our group companies, you or others; e) to allow us to pursue available remedies or limit our damages; f) to ensure the security and integrity of our Services and ensuring our Website operate effectively; g) to administer our Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; and h) to improve our Website and to ensure that the content is presented in the most effective manner for you and for your computer/mobile phone/electronic device.
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
5. NON-PERSONAL DATA WE COLLECT OR GENERATE
In addition to the categories of Personal Data described above, we will also process “Non-Personal Information”, meaning information that does not personally and specifically identify a natural person, such as anonymized information, which may be collected through the Website in the following ways:
- Log Data: Information that your browser sends, which may include, but is not limited to, non-identifying information regarding your device, operating system, internet browser type, screen resolution, language and keyboard settings, internet service provider, referring/exit pages, date/time stamps, the web page you were visiting, information you search, etc.
- Usage Evaluation: We may collect further Non-Personal Information through use of automated devices and applications to evaluate usage of our Service and through cookies. We use these tools to help us improve our Website, performance and user experience. We may also engage third parties to track and analyze data or provide other services on our behalf. Such third parties may combine the Non-Personal Information that we provide about you with other information that they have collected from other sources. This Policy does not cover such third parties’ use of the data and such use is governed by such third parties’ privacy policies.
6. DATA RETENTION – FOR HOW LONG IS THE DATA STORED?
We retain Personal Data as long as we are required to keep the information by applicable laws, or in accordance with our contractual obligations or legitimate interests. The information may be located in the EU, the USA and/or other jurisdictions. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
7. WHO MAY THE INFORMATION BE SHARED WITH?
We may share Personal Data that we receive from you, including information used to order our Services, with the following third parties:
- CyTwist Group: companies who are members in our group.
- CyTwist Service Providers: Such as accountants, auditors, experts, lawyers, credit reference agencies, IT systems providers, support and hosting service providers; printing, advertising, marketing and market research and analysis service providers; document and records management providers; technical engineers; data storage and cloud providers and similar third-party vendors and outsourced service providers that assist us in carrying out business activities.
- Government or other Public Authorities: Including, but not limited to law enforcement or other agencies to which we are required to disclose Personal Data by law, or by a warrant, subpoena or court order.
- Other Third Parties: In the event that we sell or buy any business or assets, we may disclose your Personal Data to the prospective seller or buyer of such business or assets. If CyTwist or a company which is part of the CyTwist group or substantially all of its assets are acquired by a third party, Personal Data held by it about its customers will be one of the transferred assets.
California Civil Code Section 1798.83 (California Shine the Light Law) permits users who are California residents to obtain from us once a year, free of charge, a list of third parties to whom we have disclosed personal information (if any) for direct marketing purposes in the preceding calendar year. If you are a California resident and you wish to make such a request, please send an e-mail with “California Privacy Rights” in the subject line to firstname.lastname@example.org
If you opt-in (on-line or off-line) to receive on-line marketing and offers, we will add your name and email address to our marketing database. In some jurisdictions, we may also send you on-line marketing messages if you have previously placed an order with us or where you have provided your information for the purpose of contact. You can change your marketing preferences at any time and will always be offered the opportunity to unsubscribe.
We will still contact you regarding your account or orders even if you have opted out of receiving marketing from us.
- We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality.
- We have put in place procedures to deal with any suspected “Personal Data Breach” (as this and similar terms are defined in the Applicable Data Protection Laws) and will notify you and any applicable regulator of such Personal Data Breach, where we are legally required.
- Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk and you acknowledge this when you choose to access, visit and/or use our Website. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
- THE WEBSITE AND ALL INFORMATION THAT YOU SUBMIT THROUGH THE WEBSITE IS COLLECTED, STORED, AND PROCESSED IN THE UNITED STATES WITHIN DATABASES CONTROLLED BY US. IF YOU ARE LOCATED OUTSIDE OF THE UNITED STATES, INFORMATION WE COLLECT (INCLUDING COOKIES) ARE PROCESSED AND STORED IN THE UNITED STATES, WHICH MAY NOT OFFER THE SAME LEVEL OF PRIVACY PROTECTION AS THE COUNTRY WHERE YOU RESIDE OR ARE A CITIZEN.
10. SOCIAL MEDIA PLATFORMS AND LINKS TO THIRD PARTY WEBSITES
- When you use our company page on a social media platform, and/or when you use social sharing buttons on our Website, or click on any links contained in our Website to the websites of our partner networks, our social media pages, advertisers and affiliates; you do so at your own discretion and subject to the terms and conditions, as well as the privacy policies of each social media platform respectively. Please note that we do not accept any responsibility or liability for these policies and that these social media platforms or websites may track your activity.
- We may collect Personal Data from your public profile, including, name, photo and other information you make available to us when you like, post or otherwise interact with our social media pages, such as LinkedIn.
11. YOUR RIGHTS
Different privacy rights may apply in various jurisdictions. In some jurisdictions, you may have a right to receive information about the processing of your Personal Data by us, the right to rectify your Personal Data and/or to request deletion of your Personal Data.
- General conditions for complying with Personal Data inquiries: When you contact us about your Personal Data, we may need to ask you to provide us certain credentials to make sure that you are who you claim you are, to avoid disclosure to you of Personal Data related to others and to ask you questions to better understand the nature and scope of data that you request to access. We may redact from the data which we will make available to you, any Personal Data related to others. In addition, we may delete your Personal Data if required by Applicable Data Protection Laws.
- At any time, you may contact us at: email@example.com in order to inquire about your Personal Data rights. We will make good-faith efforts to assist you as we are required under the Applicable Data Protection Laws. EU data subjects and California residents may have additional rights concerning the access and updating of their Personal Data (see Sections 12 and 13 below).
- If you think that the processing of Personal Data by us violates Applicable Data Protection Laws, you can lodge a complaint with the regulator at your jurisdiction. We may provide the details of the regulator upon request.
12. INFORMATION FOR EU DATA SUBJECTS
- Data Location and International Data Transfers: Your Personal Data may be stored on our servers outside the EEA and may be processed by our group companies and service providers outside the EEA. Whenever we transfer your Personal Data out of the EEA, we ensure a similar degree of protection is afforded to it by using a solution that enables lawful transfer of personal data to a third country in accordance with Article 45 or 46 of the GDPR (including the European Commission Standard Contractual Clauses, as may be amended from time to time). For additional information on the mechanisms used to protect your Personal Data, please contact us at firstname.lastname@example.org.
- Your EU Privacy Rights: Residents of the EEA may be entitled to other rights under the GDPR. These rights are summarized below. We may require you to verify your identity before we respond to your requests to exercise your rights. If you are entitled to these rights, you may exercise these rights with respect to your Personal Data that we collect and store:
- Erasure of Personal Data;
- Access of Personal Data;
- Request of a copy of Personal Data;
- Correction of any inaccuracies in your Personal Data;
- Objection to the processing of Personal Data;
- Withdrawal of consent to data processing at any time (please note that this might prevent you from using certain aspects of the Services);
- Restriction of processing of Personal Data; and
- Portability of Personal Data – to receive the Personal Data you have provided to us in a structured, commonly used and machine-readable form and transmit it to another data controller.
These rights will be exercisable subject to limitations as provided for by the GDPR. Any requests to exercise the above listed rights may be made to: email@example.com.
In some instances, our legal obligations may override your rights under data protection laws. We are also legally required to identify you before we process your request.
Normally, you will not have to pay a fee to access your Personal Data (or to exercise any of your rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one (1) month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you are an EU data subject, you have the right to lodge a complaint with a Data Protection Authority about how we process your Personal Data at the following website: https://edpb.europa.eu/about-edpb/board/members_en.
13. INFORMATION FOR CALIFORNIA RESIDENTS
- “Do Not Track” Signals under the California Online Protection Act (CalOPPA): “Do Not Track” is a preference you can set in your web browser to inform websites that you do not want to be tracked. We do not support “Do Not Track”. If such technology is available by virtue of our email service or website platform, we are neither aware of it, nor utilize it. You can enable or disable “Do Not Track” by visiting the Preferences or Settings page of your web browser. You should know that you can also opt out of internet-based advertising by installing a plug-in for your browser. Such plug-ins are available from third parties.
- California Civil Code: California Civil Code permits customers of CyTwist who are California residents to request certain information regarding its disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org. Please note that we are only required to respond to one request per customer each year.
- CCPA: Under the California Consumer Privacy Act 2018 (“CCPA“), you have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months.
To exercise your rights, please submit a verifiable consumer request to us by email to email@example.com. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make such a request for access or data portability twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response electronically. Any disclosures we provide will only cover the 12-month period preceding the receipt of the verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights.
If we make any material changes that reduce your privacy rights, we will notify you in advance by sending you an email and/or by posting a notice in the Services or on the Website.
15. CONTACT US