General Information 

1. We Are a Privacy Company – And We Practice What We Preach 

   We are pretty excited you’ve decided to visit our website (www.PrivacyCode.ai) and investigate our Privacy Engineering SaaS solution (our “Services”). PrivacyCode, Inc. (“PrivacyCode”, “we”, “us”, “our”) are dedicated to helping companies meet their legal and ethical obligations when it comes to what they do with your personal information, because that is essential to building trust with you. We are also working to earn your trust, and are taking steps to better communicate about, manage and protect the personal information you give us. We generally control the personal information you provide when you use our Services and this Privacy Notice (the Notice) explains how we collect, manage, use, transfer or otherwise process that personal information. This Notice will also explain how to contact us and exercise the privacy rights you have under applicable laws. 

2. Information about PrivacyCode

   PrivacyCode is a Delaware corporation, doing business operating a Privacy Engineering SaaS platform. PrivacyCode does not sell or market to the general public, nor does PrivacyCode sell personal information. 

3. Scope of this Privacy Notice

   This Privacy Notice applies to (a) what personal information we decide to collect, (b) why we collect it and (c) how we use that personal information as the business or controller. To be clear, this Privacy Notice does not cover any personal information our clients choose to collect and share with PrivacyCode, where we are the not the business or controller, but rather the service provider acting on behalf of our clients. Additionally, our website (“Site”) and Services may contain links to other websites, applications and services from third-parties. The privacy and data security practices of those third-party sites are governed by the privacy policies of those third-parties and not PrivacyCode.

Collection of Personal Information and Purposes of Use

1. Collection of Personal Information and Its Use

   The personal information PrivacyCode collects is generally determined by you and your interaction with us, our partners, publications and other resources. 

   
   How and where does PrivacyCode collect Personal Information? 

   PrivacyCode collects information relating to or identifying individuals (“Personal Information”) from business prospects, clients, participants at events, business partners and vendors and their employees, advisors, contractors and individuals who choose to use our Services on others behalf (collectively, “Individuals”) who:

• Visit our Site;

• Visit our offices;

• Receive or send communications from/to us, including email, phone calls, and mail;

• Uses our Services as a client or authorized user (for example, an employee logs into their PrivacyCode account as part of use of our Services);

• Register for, attend and/or otherwise take part in our events, webinars, etc.;

• Download or otherwise engage our content or publications;

• Submit a request for an action, support or information;

• Participate in recorded meetings or events;

• Engage with our client service or employees;

• Apply to work with us, view or share job postings; or

• Work at a partner or supplier of ours and interact with PrivacyCode in the course of doing business or contemplating doing business with us.

We collect Personal Information from a variety of sources, including but not limited to:

• The person who is giving us their personal information;

• Clients who give us personal information on behalf of employees who use our Services;

• Publicly available sources (such as a LinkedIn profile); and

• Business partners, service providers and/or vendors.

What type of Personal Information do we typically collect?

• Name and email, possibly a phone number and business role if so provided by you;

• User organization name and organization’s address;

• Audio and video recordings of meetings, even attendance;

• Trainings;

• Downloads and/or other publications;

• Information in connection with visitors’ use of the Site as collected by our website hosting platform Squarespace, including pages and files viewed, operating system, searches, system configuration and date/time stamps associated with Site usage.

What Personal Information do we collect automatically? 

When using our Services, in particular this Site, we use devices that collect information about the device or browser you use to navigate the Site or from your use of the Services, including:

• Cookies. When you use or visit our Services, the software we use may send one or more cookies — small text files containing a string of alphanumeric characters — to your computer or device to identify your browser, computer, or device. A cookie may also convey other information, such as your Internet Protocol (IP) address; device identifiers; browser settings and specification and information about how you use the Service (e.g., the pages you view, the links you click, features and functionalities you utilize, how frequently you access the Service, and other actions you take on the Service). Cookies also allow tracking of your usage of the Service over time. We do not use cookies or other devices to track you across the web. We can see how you use our Services, but that is all the information we are getting, and in most cases that data does not individually identify you, but uses that information as part of a larger group of data to help us understand what is going on with our business, not your business.

• Log Files. We may record log file information each time you access the Services. This information may include your requests or actions; IP address; browser type; unique device identifiers; information about your computer or device; the number of clicks; how you interact with links, features, or functionalities on the Service; and other PrivacyCode platform information.

• Clear Gifs. We may employ clear gifs (also known as web beacons or pixel tags) which collect information about you, your computer, or devices such as your requests or actions; IP address; unique device identifiers; browser type; information about your computer or device; how you interact with links, features, or functionalities of the Service; information about cookies; all of which can show your Service usage patterns on our platform. Again, this is information about our business, not yours.

We use or may use the data collected through these technologies to: (a) remember information so you will not need to re-enter it the next time you access the Services; (b) identify you across multiple devices so access to the PrivacyCode platform is uninterrupted; (c) provide and monitor the effectiveness of our Services; (d) monitor aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on our Services; (e) diagnose or fix technology problems; and (f) otherwise to plan for and enhance our Services.

If you would prefer to avoid cookies, most browsers allow you to: (i) change settings to notify you when you receive a cookie, allowing you to accept it or not; (ii) disable existing cookies; or (iii) set the browser to automatically reject cookies. Note doing so may completely hijack your ability to use our platform. If we can’t recognize you as a user, then that is going to negatively impact your experience using our Services, as certain functions may not work properly. Depending on your device and operating system, you may not be able to delete or block all cookies. If you wish, you may also set your e-mail options to prevent automatic downloading of images that may contain technologies allowing PrivacyCode to know if you have accessed our e-mail and performed certain functions with it.

For more information about how we use Cookies, please see Annex A – Cookies, at the bottom of this Privacy Notice.

2. How We Use the Data

PrivacyCode collects Personal Information for a number of purposes, including but not only the following:

• Providing the Services, including:

  • Promoting the security of our Site and Services by tracking use, enforcing our terms and policies, investigating and preventing fraudulent, suspicious or illegal acts, and seeking to prevent any unauthorized access to the Services;

  • Operating and maintaining the Services (e.g., billing and account management);

  • Responding to inquiries for action, support and/or information;

  • Sending technical alerts, updates, or security notifications, plus educational and administrative communications;

• Pursue Legitimate Business Interests:

  • Meeting contractual obligations to clients and partners;

  • Registering visitors to our offices for security purposes;

  • Enabling us to understand and engage with those interested in our Services, content, and work,

  • Analyzing clients' use of the Services and Site for trends, marketing, advertising, improvements, security purposes and continued proper functioning;

  • To send marketing messages about us and the cool events we are having;

  • Internal training and research.

• Legal Obligations:

  • Working to meet legal obligations, any remedies available, limiting damages, complying with judicial proceedings, court orders or legal processes.

Otherwise Where We have Obtained Consent:

• We may disclose certain personal information to a third party with that person’s consent.

Where we need to collect Personal Information by law or under a contract with you, and you fail to provide the Personal Information requested, such deficiency is likely to prevent us from meeting our obligations.

If you provide us with Personal Information relating to another person, you must confirm you have informed that other person of our identity and why their Personal Information is required and how it will be used, and they must have given consent (preferably written) to share their information with us. THEY have to consent and we will need evidence of that consent. Please know you cannot consent for them.

Sharing and Disclosure of Personal Information

We may share Personal Information to vetted and contract-bound third-parties for certain purposes, including the following:

• General Business Purposes: We may share information with consultants and service providers for client or technical support, marketing, recruiting, operations, security of our Services, account management, and legitimate business purposes;

• Compliance with the Law: We may disclose information to a third-party where legally required to comply with applicable laws, regulations, legal processes or government requests.

• Protection of our Rights: We may also disclose information where it is needed to protect or exercise, establish or defend our legal rights;

• Business Transfers: We may share or transfer information to support negotiations of or for a merger, sale of company assets, financing, or acquisition of all or a portion of the business to another company;

• Managing Events: If you use our Site to register for an event or webinar organized by a partner, we may share your Personal Information with that partner to process your registration and ensure your participation in the event. When this happens, our partner will process the relevant Personal Information as a separate business and their use and control over your Personal Information will be governed by their privacy policy and policies;

• Receiving Professional Advice: In certain instances, we may share Personal Information with professional advisers acting as processors or joint controllers, including lawyers, bankers, auditors and insurers, who provide their professional services, but only to the extent we legally must do so or have a legitimate interest in sharing information;

• Publicly Shared Information: Any Personal Information or other data you choose to submit in communities, forums, blogs or chat rooms on our Site or Services may be read, collected and used by others who visit these forums, depending on account settings. We don’t have any of these fun things right now, but we may in the future.

International Transfers, Security and Information Retention

1. Use of Personal Information in the US, and Elsewhere

   Our Site servers are located in the United States and to our knowledge all third-party Service Providers operate in the United States. This means when we collect Personal Information from you, We are processing it in the United States. NOTE: PRIVACYCODE IS A US BASED AND US CENTRIC COMPANY. WE DO NOT HAVE A PRESENCE IN, BUSINESS IN, OR SOLICIT BUSINESS FROM OUTSIDE THE US. Yet.

2. Security

   You acknowledge that using data and Personal Information online inherently involves risks of unauthorized disclosure or exposure because there are jerks out there who apparently don’t know any better. By your use of online services, you have assumed those risks. In an effort to mitigate and combat those risks, PrivacyCode employs and utilizes appropriate technical, organizational and administrative security measures designed to protect the security, confidentiality and integrity of your Personal Information. 

3. Data Retention

PrivacyCode will retain Personal Information for only as long as we need it to meet legitimate business needs such as operating and providing our Services to a client who you work for. We must determine the appropriate retention period for Personal Information in light of the purposes for which that Personal Information was collected, the amount, nature and sensitivity of what Personal Information is used, any potential risk from unauthorized use or disclosure of that information, and whether we can achieve the purposes of the use through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).Typically, when we do not legitimately need the Personal Information to perform our Services or meet a business obligation, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Information has been stored in backup archives), we will securely store it and isolate it from any further processing until deletion is possible. 

Your Privacy Rights

1. What You Can Ask Us to Do

At this time, PrivacyCode.ai is not subject to the requirements of state privacy laws, including those in California, Virginia or Colorado, plus we believe in best practices, in particular data minimization, so we limit the personal information we collect to only that which is necessary for operations and security. That said, if you believe we have personal information from you, and you would like to exercise certain privacy rights, you can reach out to us for the following: 

• You can access, update, change, request a copy (portability) or delete Personal Information directly in your account or profile on your employer’s account. 

• If you wish to access, update, change, request a copy (portability) or deletion of your Personal Information where we are the business or controller of the purposes of that data use, you can do so at any time by contacting Us via email at info@privacycode.ai or by using the contact details provided under the “How to contact Us” heading below. Please provide the following: 

• your name;

• type of request:

• approximate date of collection of the information; and 

• a valid email address to contact you. 

• Where you are an employee of a company using our Services, if you wish to access, update, change, request a copy (portability) or delete your Personal Information, please first contact your employer. If the employer is not responsive to your request, you may reach out to us at via email at info@privacycode.ai, but we may not be able to meet your request in light of your relationship with your employer and our legal obligations to them as our client.

• NOTE: We do not have a presence in the UK, EU, Switzerland or other country in the European Economic Area. We do not market or solicit inquiry from those regions, or anywhere other than North America. If, as a resident of the UK, EU, Switzerland or other country in the European Economic Area, you believe we have personal data from you, you may submit a request to info@privacycode.ai to (a) object to processing of your personal data, (b) ask us to restrict processing of the same, or (c) request portability of your personal data. In any such inquiry, please provide the following: 

• your name;

• type of request:

• approximate date of collection of the information; and 

• a valid email address to contact you. 

• PrivacyCode does not use or process any Personal Data or Personal Information which would subject a person to a decision based solely on automated processing, including profiling, which produces legal effects ("Automated Decision-Making"). Automated Decision-Making currently does not take place on our Site or in or as part of our Services. 

• You have the right to opt-out of marketing communications we send at any time. You can exercise this right by clicking the “unsubscribe” link in the marketing communications or by using the contact details provided under the “How to Contact Us” heading below. Please note opting-out of the receipt of marketing communications from us does not opt you out of receiving important business communications related to your current relationship with us, such as communications about your subscriptions or event registrations, service announcements or security information.

• If we have collected and used your Personal Information with your consent, you can withdraw your consent. Withdrawing your consent will not affect the lawfulness of any processing conducted prior to that withdrawal, nor will it affect the use conducted in reliance on lawful processing grounds other than consent. 

2. The GPC Do Not Track Signal

We recognize the Global Privacy Control (“GPC”) signal. The GPC is a browser setting that allows consumers to opt-out of targeted advertisements and/or the sale of personal information through a pre-determined signal.  The GPC allows you to make a single opt-out request that applies to websites that are able to recognize the signal. PrivacyCode’s Site recognizes such a signal. 

3. Verification of a Consumer Request 

Please note we may need to verify your identity in connection with your requests, and such verification process may, if you do not have access to your account, require you to provide additional information maintained about you to verify your identity. Even if you have access to your Account, we may request additional information if believed necessary to verify your identity. If we are unable to verify your identity or request, we may not, in accordance with applicable law, be able to fulfill your request.

4. Response Timing and Format

We will confirm receipt of your request within ten (10) business days. We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we need more time (up to another 45 days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account, that written response will be sent by mail or electronically, depending on the format of the request. The response will also explain any reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information in that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. 

We do not charge a fee to process or respond to a verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine the request warrants a fee, we will tell you why that decision was made and provide you with a cost estimate before completing your request.

5. Personal Information Sales Opt-Out and Opt-In Rights

We do not intentionally collect the Personal Information of consumers and sell, or intentionally share in any way the Personal Information We process in a way that could constitute a sale for value. 

Children

Our Services and Site are not geared or in any way directed to individuals under the age of 18. We do not knowingly collect Personal Information from those under 18. If you are a parent or guardian and believe your child has provided Personal Information to us without your consent, please send an email to privacy@PrivacyCode.com, or by any method identified in the “How to Contact Us” section below, and we will take steps needed to delete any under 18 Personal Information from our systems.

Changes to Our Privacy Notice

We will need to update and amend this Notice. When we make changes to this Notice, we will post a visible notice or banner on our site, noting such changes and effective date of those changes. Your continued us of our Site and Services following the posting of changes constitutes notice and acceptance of such changes.

“How to Contact US” Information

If you have questions or comments about this Notice, the ways PrivacyCode collects and uses Personal Information, your choices and rights regarding that use, or you wish to exercise your rights under applicable data privacy laws, please do not hesitate to contact us at:

Email: info@privacycode.ai 

Postal Address:

PrivacyCode, Inc.

Attn: Privacy Team

c/o 2650 Birch Street 

Ste. 100

Palo Alto, CA 94036

If you need to access this Notice in an alternative format due to having a disability, please contact info@privacycode.ai 

ANNEX A – COOKIES

Purpose

Necessary: Performance