Introduction
This Privacy Policy is effective as of August 31st, 2021, and represents the Privacy Policy of [Redact Holdings, Inc] (“Company,” “we,” “our,” or “us”).
This General Privacy Policy addresses the privacy rights of individuals who:
• visit our Website or use our Services”;
• interact with us on behalf of a Service Provider in connection with the products and services our Service Provider provides to us;
• interact with us on behalf of a business partner in connection with our relationship with the business partner;
• apply to work with us;
• receive marketing communications from us; and/or
• interact with us by registering for, attending and/or otherwise taking part in our trade events, webinars, or conferences or who communicate with us via email, phone, or in-person.
This Privacy Policy, which includes and incorporates our GDPR Privacy Policy, is designed to assist individuals and businesses that interact with us to understand the types of Personal Data we collect, how that Personal Data is Processed, and the practices we have adopted to protect Personal Data.
Definitions
“Controller” means a person or organization that, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
“Customer” means a business that has, formerly had, or is contemplating purchasing or using our Services.
“GDPR” means the EU General Data Protection Regulation 2016/679.
“Personal Data” means any information relating to an identified or identifiable natural person.
“Privacy Policy” means this Privacy Policy.
“Process” and
“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
“Processor” means a person or organization that engages in Processing.
“Representative” means an individual who (i) acts on behalf of a Customer, including, a Customer’s employees, agents, and representatives, (ii) acts on behalf of a Service Provider, including, a Service Provider’s employees, agents, and representatives, (iii) acts on behalf of a business partner, including a business partner’s employees, agents, and representatives or (iv) otherwise interacts with us in any manner, for example through our Website, in emails, phone calls, or in-person interaction.
“Service Provider” means a supplier, subcontractor, vendor, or other third party who provides services to us.
“Services” means the products and services provided by us, including, but not limited to, colocation and other data center services, fraud detection software and services, website accessibility compliance software and services, data analytics services, and cybersecurity software and services.
“Website” means all of the websites and mobile applications maintained by us that display a link to the Privacy Policy.
“Website Visitor” means an individual who visits the Website.
Personal Data Collected
For our
Service Providers, we may collect the Personal Data of your Representatives when we inquire about or purchase services from you to support our business operations.
For our
business partners, we may collect the Personal Data of your Representatives in connection with our interactions with you.
For
prospective employees, we may collect your Personal Data when you visit, browse, or register on our Websites, when you submit an application for employment, when you provide additional Personal Data during the application and interview process, when you speak to our employees during your interview process, and when you otherwise provide or authorize us to collect your Personal Data during the application and interview process.
For our
Website Visitors, we may collect certain Personal Data from you when you visit, browse, register on our Websites, complete a form on our Websites, or engage in online support received through our Websites. We may also collect certain information about your session when you visit our Websites, including internet protocol (IP) addresses, browser type, internet service provider, referring/exit pages, operating system, date/time stamp and clickstream data, as further outlined below.
We may also collect the Personal Data of Representatives if they (i) register for a trade event, webinar, or conference hosted by us, (ii) download or request content and information regarding our Services, (iii) complete a survey or form, (iv) request online support through our Websites, or (v) receive marketing communications from us.
Purpose of Personal Data Collection and Processing
We collect and Process Personal Data for the following purposes:
• To fulfill a legal obligation or to protect our rights;
• To comply with applicable laws and regulations;
• To administer and manage Service Providers;
• To work with business partners;
• To improve and protect the integrity and security of our Services and our Websites;
• To consider job applicants for employment;
• For any other purpose for which you have been notified, and if legally required where appropriate consent has been obtained.
Security
We implement a variety of security measures to maintain the safety of your Personal Data when you enter, submit, or access your Personal Data, or when it is otherwise collected or Processed by us. We take reasonable and appropriate measures to secure your Personal Data.
Cookies and Other Technologies
We automatically collect information about your use of our Site through cookies, web beacons, and other technologies. To the extent permitted by applicable law, we combine this information with other information we collect about you, including your personal information. Cookies are alphanumeric identifiers that we transfer to your device’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Site and Services, while others are used to enable a faster log-in process or to allow us to track your activities at our Site and Service. There are two types of cookies: session and persistent cookies. Session cookies exist only during an online session. They disappear from your device when you close your browser or turn off your device. We use session cookies to allow our systems to uniquely identify you during a session or while you are logged into the Website and Services. This allows us to process your online transactions and requests and verify your identity, after you have logged in, as you move through our Website and Services. Persistent cookies remain on your device after you have closed your browser or turned off your device. We use persistent cookies to track aggregate and statistical information about user activity. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The “Help” portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our Website and Services who disable cookies will be able to browse certain areas of the Website, but some features may not function
We use third-party browser and mobile analytics services like Google Analytics in connection with the Services. These services use data collection tools to help us analyze use of the Services, including information like the third-party website you arrive from, how often you visit, events within the Services, usage and performance data, and where the application was downloaded from. We use this data to improve the Services, better understand how the Services perform on different devices, and provide information that may be of interest to you. We use third parties such as network advertisers to serve advertisements on our Site and on third-party websites or other media (e.g., social networking platforms). This enables us and these third parties to target advertisements to you for products and services in which you might be interested. Third-party ad network providers, advertisers, sponsors and/or traffic measurement services may use cookies, JavaScript, web beacons (including clear GIFs), Flash LSOs and other tracking technologies to measure the effectiveness of their ads and to personalize advertising content to you. These third-party cookies and other technologies are governed by each third party's specific privacy policy, not this one. We may provide these third-party advertisers with information, including personal information, about you. Users in the United States may opt out of many third-party ad networks. For example, you may go to the Digital Advertising Alliance ("DAA") Consumer Choice Page for information about opting out of interest-based advertising and their choices regarding having information used by DAA companies. You may also go to the Network Advertising Initiative ("NAI") Consumer Opt-Out Page for information about opting out of interest-based advertising and their choices regarding having information used by NAI members. Opting out from one or more companies listed on the DAA Consumer Choice Page or the NAI Consumer Opt-Out Page will opt you out from those companies' delivery of interest-based content or ads to you, but it does not mean you will no longer receive any advertising through our Site, Services, or on other websites. You may continue to receive advertisements, for example, based on the particular website that you are viewing (i.e., contextually based ads). Also, if your browsers are configured to reject cookies when you opt out on the DAA or NAI websites, your opt out may not be effective. Additional information is available on the DAA's website at www.aboutads.info or the NAI's website at www.networkadvertising.org.
Collection of Personal Data from Children
Our Websites are intended for individuals 18 years of age and older. They are not directed at, marketed to, nor intended for, children under 18 years of age. We do not knowingly collect any information, including Personal Data, from children under 18 years of age. If you believe that we have inadvertently collected Personal Data from a child under the age of 18, please contact us at the email address in Section XI below, and we will take immediate steps to delete it.
Changes to Privacy Policy
We will provide adequate notice of any material changes and obtain your consent when legally required when making such changes to this Privacy Policy.
Inquiries/Contact Us
You may have rights regarding your Personal Data depending on where you are and where your Personal Data is Processed. Please contact us at
[email protected] if you have questions in this regard or if you wish to update your Personal Data.
Governing Law; Venue; Waiver of Jury Trial and Class Actions
Unless applicable data protection / privacy laws provide otherwise, (a) the Privacy Policy is governed by the laws of the State of Delaware U.S.A, (b) you hereby agree that any dispute or claim raised or made by you against us relating to the Privacy Policy shall be subject to arbitration before a single arbitrator in Miami, Florida in accordance with the Commercial Arbitration Rules of the American Arbitration Association and (c) you hereby waive all rights to bring or maintain any court action, jury trial or any class claim, class action, class arbitration, or other representative action, claim or proceeding against us in a court of law.
CALIFORNIA CONSUMER PRIVACY ACT NOTICE
This section addresses the specific disclosure requirements under the California Consumer Privacy Act of 2018 (“CCPA”). It applies to personal information about California residents using our Site and Services. For purposes of the CCPA, personal information means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. In the event of a conflict between this CCPA Notice and any of our other privacy notices, this CCPA Notice shall control only with respect to the personal information of California residents.
Personal Information Categories
Our Privacy Notice covers our personal information collection and usage more fully. The chart below describes the categories of personal information we collect and the sources from which we collect the personal information, organized into the categories specified by the CCPA.
Personal Information Category
Sources
Personal information described in Cal. Civ. Code §1798.80(e)(such as name, address, telephone number, education, employment history, credit card or debit card number)
Information you provide directly
Identifiers (e.g., real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers)
Information you provide to us directly
Characteristics of protected classifications under California or Federal law (e.g., your gender or age) (“Characteristics of Protected Classifications”)
Information you provide to us directly
Internet or Other Electronic Network Activity Information (e.g., browsing history, search history, and information regarding your interactions with our Services)
Your interactions with our Site and Services.
Geolocation Data
Information you provide to us directly or through your interactions with our Site and Services.
Professional or Employment-Related Information
Professional or Employment-Related Information
We use this personal information for the purposes outlined in the “Purpose of Personal Data Collection and Processing” set forth above. We do not sell personal information and we do not have actual knowledge that we sell the personal information of minors under 16 years of age.
California Residents' Privacy Rights
California residents have rights to request access to or deletion of their personal information and may not be discriminated against because they exercise any of their rights under the California Consumer Privacy Act in violation of Cal. Civ. Code §1798.125. You can make requests by sending an email to
[email protected] with details of your specific request. We may ask that you provide certain information to verify your identity, and the information we request from you will depend on your prior interactions with us and the sensitivity of the personal information at issue. Once confirmed, we will respond to your request in accordance with the CCPA. If we deny your request, we will explain why. You may designate an authorized agent to make a request under the CCPA on your behalf if: (1) the authorized agent is a natural person or a business entity registered with the Secretary of State of California; and (2) you sign a written declaration that you authorize the authorized agent to act on your behalf. We may ask that you provide certain information to verify your identity and that you authorized the authorized agent to act on your behalf. If you provide an authorized agent with power of attorney pursuant to Probate Code sections 4000 to 4465, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA. California residents also have the right to opt out of the sale of their personal information; we do not provide this option as we do not sell your personal information. If you have any questions or concerns regarding this CCPA Notice, please email
[email protected]GDPR Privacy Policy
This GDPR Privacy Policy section of our Privacy Policy (this “GDPR Privacy Policy”) applies to the Processing of Personal Data by Company in its role as a Controller, or as otherwise covered by the GDPR, when individuals: • interact with us on behalf of a Service Provider in connection with the products and services our Service Provider provides to us; • interact with us on behalf of a business partner in connection with our relationship with the business partner; or • apply to work with us.
Our Contact Details
If you have any questions or concerns as to how your Personal Data is Processed, please write to us at
[email protected] (Attn: Legal Department).
The Company’s Data Collection Practices
The Company collects and processes the following categories of Personal Data from Service Providers, business partners, Representatives, Website Visitors, prospective employees, individuals that receive marketing communications from Company and individuals that interact with Company by registering for, attending and/or otherwise taking part in Company webinars or conferences or who communicate with Company via email, phone or in person, in each case to operate its business for the specific purposes identified below. •
Website and Service Records include data related your interactions with our Websites and Services and other online content such as log data (i.e., preferences and settings, IP addresses, technical information about the device used to visit the Websites, and geolocation information) and traffic data (i.e., pages viewed, date stamps, time spent on a page, click through and clickstream data, queries made, search history, search results selected, comments made, type of service requested, and purchases made). •
Education and Work History includes details such as attended schools, marks/grades, past employers, descriptions of roles performed, locations of employment, and reasons for leaving past employment.
Why Does Company Collect Personal Data, What are the Sources of Personal Data, What are the Purposes for Processing, and What is the Lawful Basis?
The table below sets out the types of Personal Data Company Processes, the purposes of Processing such Personal Data, and Company’s lawful basis for doing so. The lawful basis will vary with the type of Processing involved and will typically include Processing (i) necessary for Company to pursue its legitimate business interests, (ii) based on your consent, where this is required by data protection laws, and (iii) necessary for Company to comply with its legal obligations. Where we rely on our legitimate business interests, we have explained what the grounds are for that reliance.
Company's Purpose of Processing Personal Data
Company's Lawful Basis for Collecting Personal Data
To comply with applicable laws, regulations and internal policies, practices, and procedures. Company may be required to disclose certain categories of Personal Data to comply with applicable laws and regulations, for example, to respond to a request from a government agency or to defend a legal claim. Additionally, Company may also be required to Process certain categories of Personal Data when conducting internal audits and investigations to ensure compliance with internal and external policies, practices, and procedures.
• Company has a legitimate business interest in complying with all applicable laws, regulations, and internal policies.
To receive applications for employment. Company may Process the following categories of Personal Data when receiving, reviewing, using, and storing applications for employment, including from prospective employees who visit the Website or other online locations where jobs may be posted and applications may be submitted:
• Personal Details
• Login Credentials
• Unique IDs
• Company has a legal obligation to collect certain information to confirm your right to work in the country to which you have applied.
• Otherwise, Company has a legitimate business interest in Processing the Personal Data of job applicants who seek to join the company to assess them as candidates
Sharing with Third Parties
Except as described below, we will not share or disclose Personal Data with or to outside third parties (meaning entities outside of the Group). The Group may share Personal Data between each other.
Fraud Prevention and Protection of Legal Rights. We may use and disclose Personal Data to the appropriate legal, judicial or law enforcement authorities and our advisors and investigators: (i) when we believe, in our sole discretion, that such disclosure is necessary to investigate, prevent, or respond to suspected illegal or fraudulent activity or to protect the safety, rights, or property of the Group and of our Customers, Service Providers, business partners, Representatives, Website Visitors, prospective employees, or others; (ii) when we suspect abuse of the Website or Services or unauthorized access to any system, spamming, denial of service attacks, or similar attacks; (iii) to exercise or protect legal rights or defend against legal claims; or (iv) to allow us to pursue available remedies or limit the damages that we may sustain. We may disclose personal information to our partners, service providers, and law enforcement to secure our Website and Services, including to detect, prevent, and investigate security incidents or violations of our Terms of Use or applicable laws.
Law Enforcement. We may have to disclose the Personal Data of our Customers, Service Providers, business partners, Representatives, applicants, Website Visitors or others if a court, law enforcement or other public or government authority with appropriate competency requests that we provide that Personal Data and we believe, in our reasonable discretion, that such request was made in compliance with applicable law.
In addition to the above, we also may disclose personal information to third parties at your direction.
Data Subject Rights under the GDPR
The GDPR grants individuals who are in the EU/EEA/UK the following rights, with some limitations. Individuals may contact us, at our contact information as set forth herein to exercise any of those rights and we will respond with the requested action or information, or will let you know why such rights do not apply to you. These rights are not absolute and are subject to various conditions under applicable data protection and privacy legislation and the laws and regulations to which we are subject. In some cases, the exercise of these rights (for example, erasure, objection, restriction or the withholding or withdrawing of consent to processing) may make it impossible for us to provide services.
Right Not to Provide Consent or to Withdraw Consent. We may seek to rely on your consent in order to Process certain Personal Data. Where we do so, you have the right not to provide your consent, and the right to withdraw your consent at any time. If you withdraw your consent, this will not affect the lawfulness of the Processing conducted based on consent before its withdrawal.
Right of Access. You have the right to obtain confirmation as to whether or not we collect or Process Personal Data concerning you and, if this is the case, you have the right to request a copy of such Personal Data in digital format.
Right of Rectification. You have the right to require that we correct any inaccurate Personal Data concerning you, and that we complete incomplete Personal Data.
Right of Erasure. In certain circumstances, you have the right to request that we erase Personal Data concerning you; for example, if it is no longer necessary for the purposes for which it was originally collected and we do not otherwise have a legitimate reason to retain it. We may need to retain certain Personal Data when legally required, for internal, record keeping purposes, and/or in order to complete any transactions initiated prior to an individual’s request to remove or delete their Personal Data. Where we are unable to delete data from our systems, we will anonymize it so it will no longer be tied to your identity.
Right to Restrict Processing. In certain circumstances, you have the right to request that we restrict the Processing of the Personal Data that we have collected about you; for example, where you believe that the Personal Data that we hold about you is not accurate or lawfully held.
Right to Data Portability. In certain circumstances, you have the right to receive the Personal Data concerning you that you have provided to us in a structured, commonly used, machine readable format, and for us to transmit the data to another entity where technically feasible.
Right to Object to the Processing. In certain circumstances, you have the right to request that we stop Processing your Personal Data, including where we rely on legitimate interests as legal basis in the tables on the details of Processing provided above. If you receive commercial electronic communications from us, you can unsubscribe from the receipt of future commercial electronic communications from us by clicking on the “unsubscribe” link provided in such communications. Please also note that if you do opt out of receiving commercial electronic communications from us, we may still send you important administrative messages (such as updates about your account or changes in the Services), and you cannot opt out from receiving these messages, unless you stop receiving our Services.
Right Not to be Subject to Decisions Based Solely on Automated Processing that Produce Legal Effects. We do not make decisions based solely on automated processing - including profiling - that produces legal effects or similarly affects you.
Right to Complain to a Supervisory Authority. You have the right to lodge a complaint with a Supervisory Authority if you believe that our Processing of Personal Data relating to you is inconsistent with our obligations under the GDPR. In this situation, we ask you please consider contacting us first, so that we can try and assist with your query or address your concern.
To exercise any of your rights as set forth herein, please contact us in writing, via email or postal mail as indicated above, so that we may consider your request under applicable law. We may ask that you provide the following Personal Data for us to address your request speedily:
• The country in which you are located;
• A clear description of the Personal Data or content you wish to receive or to be deleted or corrected, or the action you wish to be taken; and
• Sufficient information to allow us to locate the content or Personal Data to be deleted, removed, or corrected.
For your protection, we may only implement requests with respect to the Personal Data that are associated with the particular email address that you use to send us your request. In addition, please note that, depending on the nature of your inquiry, request, or complaint, we may need to verify your identity before implementing your request and may require proof of identity, such as in the form of a government issued ID and proof of your physical address. We will try to comply with your request as soon as reasonably practicable and in any case within the timelines prescribed by applicable laws. However, we reserve the right to refuse to act on a request that is manifestly unfounded or excessive (for example because it is repetitive) and/or, in some cases, to charge a fee that takes into account the administrative costs for providing the information or the communication or taking the action requested.