Last Updated: November 15, 2019
The Policy Governs Personal Information We Collect Via:
We are the data controller for the above list of places from which We collect personal data.
This Policy does not apply to the proprietary data We capture and archive on behalf of Our clients, or to individual persons with whom Our clients communicate. Our clients enter into a services agreement with Us that governs the collection, processing and storage of such proprietary data.
We Self-Certify To The EU-U.S. Privacy Shield Framework And The Swiss-U.S. Privacy Shield Framework, and we comply with the California Consumer Privacy Act effective January 1, 2020.
We self-certify compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework (“Framework”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union or Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles (“Principles”) and we commit to subject all personal information received from the EU to these Principles. If there is any conflict between the terms in this Policy and the Principles, the Principles govern. To learn more about the Privacy Shield program, and to view Our certification, please visit https://www.privacyshield.gov.
With respect to individuals located in the EU, We are responsible for processing personal information we receive under Privacy Shield and that we subsequently transfer to any third-party acting as an agent on Our behalf. We remain responsible under the Framework if Our agent processes personal information in a manner inconsistent with the Framework, consistent with any exclusions of liability under the Framework.
We comply with the California Consumer Privacy Act (“CCPA”), effective January 1, 2020, which affords California residents new rights with respective to their personal information. These rights, limited by the statute and explained below, are as follows:
- 1. The right to request disclosure of a California resident’s business’ data collection and sales practices in connection with the requesting consumer, including the categories of personal information collected, the source of the information, the use of the information and, if the information is disclosed or sold to third parties, the categories of personal information disclosed or sold to third parties and the categories of third parties to whom such information was disclosed or sold;
- 2. The right to request a copy of the specific personal information collected about a California resident during the 12 months before their request.
- 3. The right to have such information deleted (with certain exceptions);
- 4. The right to request that a California resident’s personal information not be sold to third parties, if applicable; and
- 5. The right not to be discriminated against because a California resident exercised any of the new rights.
- Information relevant to California residents covered under the CCPA is included in this Policy.
We do not knowingly collect personally identifiable information from children under 17 years of age.
We Collect The Following Types Of Personal Information:
Under CCPA, we collect: identifiers, commercial information, internet/electronic activity, geolocation, professional or employment related information, and inferences from the foregoing and we have collected those categories of information from consumers within the prior twelve months. More specifically, We collect:
We Collect Personal Information For The Following Purposes:
We may link, combine or supplement the information you provide Us with other information We receive from Third-party Sources or with cookies. We do this to help understand your needs and provide you with better products and services, to identify you when you return to Our Site or to pre-populate forms. We may use anonymous, aggregated personal information for different purposes, like market analysis, traffic flow analysis and reporting, or to deliver relevant advertising and information based on click stream data. We may also use this information to examine Our traffic in aggregate, to investigate misuse of Our network, its users, or to cooperate with law enforcement.
We May Use Certain Tracking Technologies To Collect Personal Information:
We may use tracking technologies like cookies, clear gifs, web beacons, web bugs, or other similar technologies. We may receive reports based on the use of these technologies by Third-Party Sources that provide us services on an individual as well as aggregated basis. Cookies are used to identify which website or marketing campaign you came from, which areas of the Site you visited and your actions on the Site, and where you go when you leave the Site. Cookies may be “session” cookies and deleted after you leave the Site or “persistent” cookies that are stored. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, which are used to track the online movements of web users. In contrast to cookies, clear gifs are embedded invisibly on web pages, emails or advertisements and track clicks. We use clear gifs to determine whether Our marketing campaigns are successful, such as to determine whether you open an email We send or whether you click on the links within the emails We send. Generally, We use these technologies to:
We may partner with third-parties to manage Our advertising on third-party sites. Our third-party partners may use technologies such as cookies to gather information about your activities on this Site and other sites to advertise to you based upon your browsing activities and interests. If you do not wish to have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking http://www.networkadvertising.org/managing/opt_out.asp or by visiting the relevant ad network (Google Ads is available here: https://www.google.com/settings/ads). There are multiple other resources that allow you to opt out of web tracking at the browser level by following the browser’s instructions. We respect your Do Not Track choices instituted at the browser level.
We Share Information We Collect In The Following Ways:
We do not sell (as that term in generally understood as in for monetary remuneration), rent or lease the information We collect to third parties. Sale under CCPA is a broader concept. Under CCPA a “sale” is providing access to or disclosing personal information to a third party for monetary or other valuable consideration.
Third-Party Service Providers, Widgets, Websites, Ads And Content May Be Provided Through The Site.
The Site may contain links to websites or content sponsored or provided by third parties. These sites and services may use their own cookies or data tracking technologies to collect data or information from you. We do not control the practices of these third parties or their websites or content. We are not responsible for the privacy practices or the content of these third parties. We do not share the information that you provide Us with these third parties, however, these third parties may obtain information about you if you click on a third-party link. Certain widgets on the Site (such as social media widgets), may collect information about you automatically through cookies and may combine information about your use of Our Site with information they collect in other areas. We have no control over the practices of these widgets and are not responsible for their privacy practices. Please visit the privacy policies of these third parties to learn more about how they collect and use your information. Some of the ads you receive on websites are customized based on predictions about your interests generated from your visits over time and across different websites from an ad network. This is called interest-based advertising and is enabled through your computer browser and browser cookies. These ads are provided based on information owned or controlled by an ad network, and subject to the ad network’s privacy policies. We provide you information on how to opt out of these types of interest based advertisements in the Notice, Access and Choice section of this Policy. We may use other third-party service providers such as an email service provider to send out emails on Our behalf, a career management platform to collect resumes, or a chat widget that allows Us to communicate with you. We may share your information with these service providers, and others, as necessary for them to perform their functions.
We Use Commercially Reasonably Means To Protect The Security Of Your Personal Information.
No method of transmission over the Internet, or method of electronic storage, is 100% secure. We use commercially reasonable means to protect your personal information, but We cannot guarantee its absolute security.
You Have Choice Regarding Providing Personal Information.
We do not require that you provide information through Our Site, however, if you do not choose to provide information, We may not be able to offer or provide services to you. You may opt-out of receiving promotional emails from Us by following the instructions about opting out in those emails. If you opt-out, We may still send you non-promotional communications, such as emails about your accounts, product notices, or Our ongoing business relations.
Opt Out for California Residents under CCPA. A California resident may opt out of having Smarsh transfer information to third-parties for the purposes of offering products or services by clicking the following link on or after January 1, 2020: https://www.smarsh.com/do-not-sell-my-personal-information, which will also be available on the footer of the website. Opting out may prevent us from being able to offer you products and services. If you opt out, We may still send you non-promotional communications, such as emails about your accounts, product notices, or Our ongoing business relations.
You Can Request Access To Your Personal Information, Understand Data Retention And Employ The Right To Be Forgotten.
CCPA Personal Information Requests. California residents may request personal information or request erasure of personal information not more than twice in a twelve-month period. Smarsh will need to collect information to verify the identity of the requesting California resident. Smarsh will respond to a request from a California resident within thirty days. On or after January 1, 2020, a California resident can make a personal information request at https://www.smarsh.com/CCPA-request, call Smarsh at 1-866-SMARSH-1, or, email firstname.lastname@example.org. In some cases, We may be unable to delete your personal information, in which case We will let you know if We are unable to do so and why.
We will retain your information for as long as We determine is necessary. We will retain data We process on behalf of Our Clients for as long as needed to provide services to Our Client, or for the retention period requested by a particular Client or as determined by a particular Service.
Right to be Forgotten. You may contact Us at Smarsh, 851 SW 6th Avenue, Ste 800, Portland, Oregon 97204 or email@example.com to access your information that We store and process and to request that We delete or amend your information, or to opt out of your information being shared with third parties. In some cases, We may be unable to delete your personal information, in which case We will let you know if We are unable to do so and why. We will respond to your access request within 30 days.
You Can File A Complaint And Under Certain Conditions, Invoke Binding Arbitration:
In compliance with the Privacy Shield Principles, We commit to resolve complaints about Our collection or use of personal information. European Union individuals with inquiries or complaints regarding Our Privacy Shield policy should first contact Smarsh at: firstname.lastname@example.org or to Smarsh Inc., Legal Department, 851 SW 6th Ave., Suite 800, Portland, OR 97204. We will respond to your questions or complaints within 30 days. Following receipt of a complaint, if necessary, We will investigate the issue and provide you with information regarding the investigation and resolution of the complaint.
We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider. If you do not receive timely acknowledgment of your complaint from Us, or if We have not resolved your complaint, please contact or visit JAMS for more information or to file a complaint at https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim. JAMS’ services are provided at no cost to you.
Under certain conditions, an individual may invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. For additional information see: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
The Federal Trade Commission has jurisdiction over Our compliance with Privacy Shield.
We commit to cooperate with the Swiss Federal Data Protection and Information Commissioner.
851 SW 6th Avenue
Portland, Oregon 97204