This is the Data Privacy Notice (“Privacy Notice”) of Exterro, Inc. and its affiliate and subsidiary entities (“Exterro”). We maintain websites (the “Websites”) to provide products and services to you. These Websites may ask for and collect your personal information to provide our products and services, enhance your experience, and provide you with other relevant information about our offerings. This Privacy Notice governs our treatment of personal information where Exterro acts as a data controller, including personal information processed on its Websites, offline activities, and information relating to customers, suppliers and others who do business with us. This Privacy Notice does not govern Exterro as a processor or service provider, such as when we license our software to our customers.
Exterro is committed to protecting the information that our customers, employees, suppliers, and others have entrusted to us. We are providing this Privacy Notice to explain our information practices and the choices you may have about the way your personal information is collected and used. We expect all of our employees and those with whom we share personal information to adhere to this Privacy Notice.
Exterro customers are businesses that deploy our Software as a Service ("SaaS") cloud-based solutions for legal governance, risk and compliance ("GRC") to solve complex business processes. Our customers may use our SaaS solutions to process business confidential information that may include personal information about their data subjects ("Customer Data Subjects"). Exterro processes personal information about Customer Data Subjects subject to our customer's instructions, so this Privacy Notice does not apply to such processing.
If you are a Customer
Data Subject and believe that your personal information may be
processed using one of our SaaS solutions, you should directly
contact the organization regarding their processing of your personal
information. Exterro is unable to access, view, or identify any data
of its customers or Customer Data Subjects without the explicit
authorization of its customer.
If you are a customer
and have questions about how Exterro processes the personal
information of Customer Data Subjects, you should direct your inquiry
A. Personal Information You Provide
We only collect personal information that you provide to us or that we are authorized to obtain by you or by law. The types of personal information we collect will depend on how you interact with us or our Websites. For example, we may collect different information from you through online purchases than if you request a demo. Depending on our interactions, we may collect the following categories of personal information:
B. Information Collected Automatically
Exterro, its Service Providers, and/or Third-Party Services may also automatically collect certain information about you when you access or use the Websites (“Usage Information”). When you interact with us through our Websites, we collect information regarding your interaction as detailed below.
The following are the methods may be used to collect Usage Information, including the personal information collected automatically from your device:
Some information about your use of the Websites and certain Third-Party Services may be collected using Tracking Technologies across time and services, and used by Exterro and third parties for purposes such as to associate different devices you use and deliver relevant ads and/or other content to you on the Websites and certain Third-Party Services.
Exterro may use any Usage Information detailed above for the following purposes:
C. Information Collected from Other Sources
Exterro may also obtain information about you from other sources, including Service Providers and Third-Party Services, and combine that with personal information. We may use information collected from Service Providers and Third Parties for the following purposes:
Third-Party Services. The Websites may include hyperlinks to, or include on or in connection with, the Websites (e.g., apps and plug-ins), websites, locations, platforms, applications, or services operated by third parties (“Third-Party Service(s)”). These Third-Party Services may use their own cookies, web beacons, and other tracking technology to independently collect information about you and may solicit personal information from you.
Interest-Based Advertising. Exterro may engage and work with Service Providers and other third parties to serve advertisements on the Websites and/or on third-party services. Some of these ads may be tailored to your interest based on your browsing of the Websites and elsewhere on the internet, sometimes referred to as “interest-based advertising” and “online behavioral advertising” (“Interest-based Advertising”), which may include sending you an ad on a third-party service after you have left the Websites (i.e., “retargeting”).
D. Other Purposes
We may also use any of the Usage Information we listed above for the following purposes:
E. De-Identified Information
Sometimes we will de-identify personal information by removing or modifying the personally identifiable elements or extracting non-personally identifiable elements so they can’t be associated with a person (“de-identified information”). De-identified information is non-personal information and may be used and shared without obligation to you, except as prohibited by applicable law. To the extent any non-personal information is combined by or on behalf of Exterro with personal information Exterro itself collects directly from you on the Websites, Exterro will treat the combined data as described in this Notice.
"Cookies" are small files which enable us to store individual information related to your computer or other device used to access our website. Cookies help us, e.g., to determine the frequency of use and the number of people visiting our website and to create our services as comfortable and efficient as possible for you.
Classes of Cookies. There are two types of cookies: session cookies, and persistent cookies.
Sources of Cookies. Cookies also come from different sources – Exterro (these would be “first-party cookies” because Exterro places the cookies itself), and other third parties (these are “third-party cookies” because they are not placed by Exterro).
Third-Party Cookies and Website Analytics. We use third-party services including Google Analytics to analyze Website activity. When you visit the Websites, Google Analytics automatically collects information from you through the use of Google’s analytics IDs, and Google provides some of this information to us. An analytics ID is a specific string of numbers and letters (often called a “character string”) that is assigned to your computer or device but does not name you. The analytics ID allows Google to track usage data of the Websites, such as date and time of visit, duration of visit, Website traffic patterns, “clickstreams,” other similar information about your use of the Websites, the type of web browser used, the operating system/platform you are using, your IP address, the websites that referred or linked you to our Website, and your CPU speed. Google Analytics does not share the analytics ID assigned to your computer or device that you use to access and use the Websites. Google Analytics provides information about the use of our Websites to us in aggregate form (i.e., data about many Website users combined and not just about you). Some of this data might include the regional location of Website users, but again, this data will be in aggregate (and not individual) form. We rely on this aggregate data to inform us how users are using the Websites and to help us improve the Websites.
Social Media Widget Cookies. Some pages of our Websites include social media features, such as the Facebook “Like” button, and widgets, such as the “Share This” button or interactive mini-programs that run on our Websites. These features may collect your IP address, which page you are visiting on the Websites, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on the Websites. See the Social Media section under the heading How We Share Personal Information, below, for more details about your interactions with these features on our Websites.
Types of Cookies. The different types of cookies can be categorized as follows:
Cookies We Use: We use the following "cookies" on our Websites in connection with some of the functionalities described above.
|This cookie is set by the provider Osano. This cookie is used for storing the user's unique consent identifier. It helps in consent management.||-|
|Performance cookies||_gat||This cookie is installed by Google Universal Analytics to restrain request rate and thus limit the collection of data on high traffic sites.||-|
|_uetsid||Bing Ads sets this cookie to engage with a user that has previously visited the website.||-|
|_uetvid||Bing Ads sets this cookie to engage with a user that has previously visited the website.||-|
|Functional cookies||visitorId||ZoomInfo sets this cookie to identify a user.||-|
|__cf_bm||This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.||-|
|UserMatchHistory||LinkedIn sets this cookie for LinkedIn Ads ID syncing.||-|
|bcookie||LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.||-|
|lidc||LinkedIn sets the lidc cookie to facilitate data center selection.||-|
|bscookie||LinkedIn sets this cookie to store performed actions on the website.||-|
|li_gc||Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.||-|
|Analytics cookies||ti_||This cookie is set by Triblio to track the way a visitor uses the website and to monitor the performance of marketing campaigns.||-|
|_gcl_au||Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.||-|
|suid||Simpli. fi sets this cookie to store a distinct session ID.||-|
|_ga||The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors./td>||-|
|_gid||Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.||-|
|_gat_gtag_UA_*||Google Analytics sets this cookie to store a unique user ID.||-|
|AnalyticsSyncHistory||Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.||-|
|_ga_*||Google Analytics sets this cookie to store and count page views.||-|
|ln_or||Linkedin sets this cookie to register statistical data on users' behavior on the website for internal analytics.||-|
|_hjFirstSeen||Hotjar sets this cookie to identify a new user's first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.||-|
|_hjIncludedInPageviewSample||Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.||-|
|_hjAbsoluteSessionInProgress||Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.||-|
|u||This cookie is used by Bombora to collect information that is used either in aggregate form, to help understand how websites are being used or how effective marketing campaigns are, or to help customize the websites for visitors.||-|
|_gat_UA-*||Google Analytics sets this cookie for user behavior tracking.||-|
|pardot||The pardot cookie is set while the visitor is logged in as a Pardot user. The cookie indicates an active session and is not used for tracking.||-|
|Advertising cookies||test_cookie||The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.||-|
|MUID||Bing sets this cookie to recognize unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.||-|
|ab||Owned by agkn, this cookie is used for targeting and advertising purposes.||-|
|TapAd_TS||TapAd sets this cookie to track users across devices to enable targeted advertising.||-|
|TapAd_DID||TapAd sets this cookie to offer personalized content, social media features, and traffic analysis for its retargeting of online advertising.||-|
|anProfile||This cookie is set by the provider pro-market.net. This cookie is used for personalizing online ads based on the behavior of the online customers.||-|
|IDE||Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.||-|
|__io_cid||This cookie is set by the provider bfmio.com. This cookie is used for detecting where the video advertisement should be displayed on the website.||-|
|anHistory||The domain of this cookie is owned by Datonics. This cookie is used for tracking the visitor on multiple websites in order to serve them with relevant advertisements.||-|
|TapAd_3WAY_SYNCS||TapAd sets this cookie for data synchronization with advertising networks.||-|
|audience||SpotXchange sets this cookie as a unique ID that tracks audiences internally. The cookie is used to limit the number of repetitive ads shown to the user.||-|
|uuid2||The uuid2 cookie is set by AppNexus and records information that helps in differentiating between devices and browsers. This information is used to pick out ads delivered by the platform and assess the ad performance and its attribute payment.||-|
|bku||Bluekai uses this cookie to build an anonymous user profile with data like the user's online behavior and interests.||-|
|bkpa||Set by Bluekai, this cookie stores anonymized data about the users' web usage in an aggregate form to build a profile for targeted advertising.||-|
|anj||AppNexus sets the anj cookie that contains data stating whether a cookie ID is synced with partners.||-|
|suid_legacy||Collects information on user preferences and interaction with web-campaign content which is used on CRM-campaign-platforms used by website owners for promoting events or products.||-|
|uid_syncd||The domain of this cookie is owned by Simpli.fi. This cookie is used for targeted advertising based on visitor preferences.||-|
|Other cookies||_cfuvid||This cookie is only set when a site uses this option in a Rate Limiting Rule, and is only used to allow the Cloudflare WAF||-|
|_hjSessionUser_663812||This cookie is used to persist the Hotjar User ID||-|
|hjIncludedInSessionSample||Set to determine if a user is included in the data sampling||-|
|_hjSession_663812||Ensures subsequent requests in the session window are attributed to the same session.||-|
|__141_cid||This cookie is associated with sites using CloudFlare to identify bots||-|
|loglevel||persistent cookie that collects data on user interaction||-|
The content of a cookie is limited to an identification number. Name, IP-address, or other information regarding your true identity is only collected to the extent necessary for the operation of the functionality cookies (i.e., in connection with the log-in function).
You may withdraw your consent at any time with effect in the future.
If you deny cookies, we will not set those cookies on your device, except necessary cookies and a cookie to remember that you don't want any cookies set when you visit this website.
If you have accepted cookies but want to deny them (withdraw your consent) for the future, you can delete the cookies in your website browser and the cookies window including the link to the cookie manager appears again.
Cookies and Browser Settings. You can disable cookies by changing your website browser settings to reject cookies. How to do this will depend on the browser you use. Rejecting cookies will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new cookie in a variety of ways. You can also delete all cookies that are already on your device. If you do this, however, you may have to manually adjust some preferences every time you visit this website. All modern browsers allow you to change your cookie settings, typically by going to the 'options' or 'preferences' menu of your browser. Use the 'Help' option in your browser for more details.
Blocking all cookies (including necessary cookies) will have a negative impact upon the usability of many websites, including ours. If you block necessary cookies, you may not be able to use all the features on this website. You can also delete cookies already stored on your computer. However, deleting cookies might have a negative impact on the usability of many websites, including ours.
Tracking Technologies Generally
Regular cookies may generally be disabled or removed by tools available as part of most commercial browsers, and in some instances blocked in the future by selecting certain settings. Browsers offer different functionalities and options so you may need to set them separately. Also, tools from commercial browsers may not be effective with Flash cookies (also known as locally shared objects), HTML5 cookies, or other Tracking Technologies. For information on disabling Flash cookies, go to Adobe’s website http://helpx.adobe.com/flash-p.... Please be aware that if you disable or remove these technologies, some parts of the Websites may not work and that when you revisit the Websites your ability to limit browser-based Tracking Technologies is subject to your browser settings and limitations.
Some app-related Tracking Technologies in connection with non-browser usage (e.g., most functionality of a mobile app) can only be disabled by uninstalling the app. To uninstall an app, follow the instructions from your operating system or handset manufacturer.
“Do Not Track” Signals; Opt-Out Preference Signals
Your browser settings may allow you to automatically transmit an opt-out preference signal or “Do Not Track” signal to online services you visit. Note, however, there is no consensus among industry participants as to what “Do Not Track” means in this context. Like many online services, Exterro currently does not alter its practices when Exterro receives an opt-out preference signal or “Do Not Track” signal from a visitor’s browser.
Analytics and Advertising Tracking Technologies
You can opt out of receiving certain promotional communications from Exterro at any time by following the instructions provided in emails to click on the unsubscribe link, or if available by changing your communication preferences by logging onto your account. Please note that your opt-out is limited to the email address used and will not affect subsequent subscriptions. If you opt-out of only certain communications, other subscription communications may continue. Even if you opt out of receiving promotional communications, Exterro may, subject to applicable law, continue to send you non-promotional communications, such as those about your account, transactions, servicing, or Exterro’s ongoing business relations.
We may share information about you to third parties as indicated below:
We do not sell any individual’s personal information, including information belonging to children under the age of 16, nor do we share that personal information with third parties for those parties’ commercial use.
We strive to take appropriate security measures to help safeguard your personal information from unauthorized access and disclosure. For example, only authorized employees are allowed to access personal information, and they may only access it for permitted business functions. We also use technology to protect your information, including encrypting sensitive personal information that is transferred to or from our systems.
While we cannot guarantee that loss, misuse, or alteration will never occur, we use reasonable efforts to prevent it. Please keep in mind that no method of storage or transmission over the Internet is completely secure, so your use of our services and provision of information to us is at your own risk.
Our Websites may contain links to other third-party sites on the Internet. The information practices of those websites are not covered by this Privacy Notice. We are not responsible for the privacy policies of other websites.
In certain circumstances, we may choose to or may be required to provide additional or different disclosures to residents of different U.S. states or other countries. Below are the disclosures that may be applicable to you.
“Legal Categories” of Personal Information Certain laws require us to tell you about the personal information we collect about you in a certain way – specifically, we need to tie it back to “legal categories” of personal information that are listed in the law. To do this, we bundled up the information we gave you above in this Notice and matched the different types of personal information we collect about you with the legal category. To make things easier to understand, we’ve put this information in a chart that shows you five things:
We’ve included these things and a list of personal information We Disclose for a Business Purpose in the Personal Information Privacy Chart at the end of this Privacy Notice.
This section of our Privacy Notice applies to individuals located in the European Economic Area (EEA) and the United Kingdom (UK).
International Data Transfers Exterro primarily stores the personal information we collect in the United States. To facilitate Exterro’s global operations, staff who work for Exterro and/or our service providers may transfer and access such personal information from locations around the world. This will involve transferring your personal information outside the EEA and the UK. We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this Privacy Notice. Whenever we transfer your personal information out of the EEA or the UK, we will ensure one of the following safeguards is implemented:
Legal Bases for Processing This section describes some of the legal bases we rely on to process your personal information. We may process your personal information for more than one legal basis depending on the specific purpose(s) for which we are using your personal information, including the following legal bases:
Generally we do not rely on consent as a legal basis for processing your personal information.
A. Privacy Rights: Some privacy laws require that we disclose to you the privacy rights that you have regarding personal information. We have defined the various privacy rights below.
Access: You may have the right to access your personal information and to receive a copy of your information.
Data Portability: You may have the right to request the transfer of your Personal Information to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Deletion: You also may request that we erase your information. You also have the right to ask us to delete or remove your Personal Information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Know: You may have the right to know the categories of personal information collected about you, the legal basis for processing your personal information, and to know whether your personal information is disclosed / sold and to whom.
Limit Use and Disclosure of Sensitive Personal Information: Exterro limits its use of your sensitive personal information to that use which is necessary to perform the services and which is reasonably expected by the average consumer requesting the services. “Sensitive Personal Information” includes your Social Security number, driver’s license number, state ID card, passport number, precise geolocation, racial or ethnic origin, religious beliefs, union membership, health and genetic data, biometric data, information about a sex life or sexual orientation, account login, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account, the contents of mail, email, and text messages if the business is not the intended recipient. For the avoidance of doubt, "special categories of personal data" under the General Data Protection Regulation (GDPR) and implementing regulations in Europe shall have the same meaning as "sensitive personal information." If you believe Exterro is processing your sensitive personal information beyond what is necessary and reasonably expected, you have the right to request that Exterro limit its use of your sensitive personal information.
Non-Discrimination / Non-Retaliation: You may have the right not to receive discriminatory treatment by the Company because you exercise your privacy rights.
Object to Processing: You may have the right to object to the processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Opt Out of Direct Marketing, Targeted Advertising, or Profiling: You may have the right to opt out of direct marketing, targeted advertising, or profiling we carry out for direct marketing.
Opt Out of the Sale or Sharing: You may have the right to opt out of the sale of your personal information, to the extent applicable. Exterro does not engage in the sale of personal information. You may also have the right to request that we do not share your personal information with third parties for cross-context behavioral advertising.
Request Correction: You may have the right to request correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Restrict Use: You may have the right to restrict the use of your Personal Information. This enables you to ask us to suspend the processing of your Personal Information in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Withdraw Consent: You may have the right to withdraw consent where we collected or processed your personal information based on consent, and no other legal basis for processing exists.
Right to Make a Complaint: If you are in the EEA, you have a right to complain to us about our Personal Information practices, and you can do so using one of the methods in the Contact Us section below. We will evaluate your complaint and will contact you if we need further information to resolve it. In addition, you may have the option of complaining to a government authority if you believe we have not processed your Personal Information in compliance with the laws and principles that apply in your home country. If you would like to make a complaint to an authority, you may contact your country’s supervisory authority.
These rights may be subject to certain limitations or exceptions depending on your state of residency and the purpose for which we process personal information about you.
Where applicable and technically feasible, Exterro will accommodate your valid request to exercise your privacy rights and choices. You may also designate an authorized agent to make a request on your behalf.
B. Making Privacy Requests
How to Make a Request: If you would like to make a request, please use one of the methods in the “Contact Us” section of this Privacy Notice. You will need to provide your first and last name, email address, physical address, and company or organization name.
Exterro may provide web pages or other mechanisms allowing you to delete, correct, or update some of the personal information, and potentially certain other information about you (e.g., account information). For instance, you can make changes to your account information by updating or modifying your online account information via the profile settings menu in the dashboard. Exterro will make good faith efforts to make requested changes in Exterro’s then-active databases as soon as practicable, but it is not always possible to completely change, remove, or delete all of your information or public postings from Exterro’s databases and residual and/or cached data may remain archived thereafter. Further, we reserve the right to retain data (a) as required by applicable law; and (b) for so long as reasonably necessary to fulfill the purposes for which the data is retained except to the extent prohibited by applicable law.
Responding to Requests: Your request will be evaluated to determine whether the requested change meets legal regulatory requirements and does not risk making our other data less secure or changing our other data. If we aren’t able to honor any part of your request, we will tell you that in our response, as well as the reason(s) we cannot do so.
Verifying Your Identity: In order for us to look into your request, we first need to verify your identity, meaning that we need to make sure that you are the consumer we may have collected personal information about or a person who has been duly authorized to make the request on behalf of the consumer. For example, if you make a request, we will ask you to confirm your name and email address. For certain requests, we will use a combination of your email address, name, and/or zip code to verify your identity, so that we can help protect your information.
Appealing a Denied Request: If we deny all or part of your privacy request, you may have a right to appeal that decision. If you would like to make an appeal, please contact us using the methods in the “Contact Us” section below, and include your name, email address, physical address, the type of request you made, and the reason for requesting an appeal.
Requests by Authorized Agents: You may have the right to designate an authorized agent to make a request on your behalf. Authorized agents of consumers may make a request by using the methods in the “Contact Us” section of this Privacy Notice. Privacy laws require that any request you submit to us is subject to an identification and verification process, and confirmation of the agent’s authority, which may include attestation under penalty of perjury. Absent a power of attorney, we will also require the consumer to verify their own identity. We may verify identity based on matching information you provided with data we have maintained on you in our systems. This data could include, but is not limited to, email address, mailing address, or phone number.
C. Third-Party Marketing and Your Additional California Privacy Rights
Separate from your “Do Not Sell” rights, California residents have the following additional rights regarding disclosure of your personal information to third parties for their own direct marketing purposes:
We provide California residents with the option to opt-in to sharing of “personal information” as defined by California’s “Shine the Light” law with third parties, other than with our affiliates, for such third parties’ own direct marketing purposes. We do not share personal information with non-Affiliate third parties for their direct marketing purposes absent your consent. If you are a California resident, you may request information about our compliance with the Shine the Light law and/or withdraw previously given consent to sharing with non-Affiliated third parties for their direct marketing purposes by contacting using the methods in the “Contact Us” section below. Requests must include “California Marketing Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through the provided email address or mailing address.
As these rights and your privacy rights are not the same and exist under different laws, you must exercise your rights under this law and the other privacy laws separately.
D. Children’s Privacy The Websites are not directed at nor intended for use by children under the age of 18, and we do not knowingly collect any personal information directly from children under the age of 18. We will never use or disclose any personal information of a child under the age of 18 for marketing or advertising purposes. If you are under age 18, you should not use our Websites and you should not send us personal information about yourself. If you suspect that a child is using our Websites, please contact Exterro by email at firstname.lastname@example.org.
We will only retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
We cannot (fully) comply with a request to erase or delete if we have to retain your personal information for certain purposes and for a longer period due to a statutory retention period. After the retention period has expired, we will delete your personal information.
We reserve the right to change this Notice prospectively effective upon the posting of the revised Notice and your use of our Websites indicates your acknowledgement of the Notice posted at the time of use. However, should we update this Notice, we will post a new version online, and will notify you if the personal information processed about you will be materially different than that which was represented to you at the time it was collected. To the extent any provision of this Notice is found by a competent tribunal to be invalid or unenforceable, such provision shall be severed to the extent necessary for the remainder to be valid and enforceable.
For questions regarding this Privacy Notice or to submit any of the requests mentioned above relating to your personal information, contact us using any of the following options:
2175 NW Raleigh St., Suite 400
Portland, OR 97210
We collect customers’ personal information as described above for the following purposes, when permissible under applicable law.
|Category||Sources||Purposes for Collection and Use||Sharing with Third Parties for a Business Purpose|
|A. Identifiers. Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
Name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories.
C. Protected classification characteristics under California or federal law.
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
D. Commercial information
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
E. Biometric information
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke
|Not Collected||Not Collected||Not Collected|
F. Internet or other similar network activity.
Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
G. Geolocation data
Physical location or movements
|Not Collected||Not Collected||Not Collected|
H. Sensory data
Audio, electronic, visual, thermal, olfactory, or similar information.
|Not Collected||Not Collected||Not Collected|
I. Professional or employment-related information.
Current or past job history or performance evaluations.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records
K. Inferences drawn from other Personal Information
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes
|Not Collected||Not Collected||Not Collected|
L. Sensitive Personal Information as defined in § 1798.140(ae) of the California Privacy Rights Act
Personal information that reveals a consumer's: Social Security number, driver's license number, state identification card number, or passport number; a consumer's account log-in, financial account, debit card, or credit card number in combination with any security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; the contents of a consumer's mail, email, and text messages (not business related); genetic data; biometric data used to uniquely identify a consumer; health data; or data related to sex life or sexual orientation.
We may also collect information to comply with applicable law or regulatory requirements or legal requests.
Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose: