Blue Mantis Privacy Policy
LAST UPDATED: [AUG 29, 2024]
Blue Mantis, Inc. and its affiliates and subsidiaries (“Blue Mantis,” “we,” “our,” or “us”) is committed to respecting and protecting your privacy. This Privacy Statement applies to our websites and services, including www.bluemantis.com, and all related websites, web-based services, and mobile apps (the “Sites and Services”).
This Privacy Statement explains what Personal Data we collect from visitors to the Sites, how we use and disclose that information, and the rights and choices you have in connection with that information, including how you can limit certain uses and disclosures of your information. When we refer to “Personal Data,” we mean information about an identified individual or about an individual whom we could identify. Subject to applicable law, Personal Data generally does not include publicly available information or anonymized or de-identified data.
This Privacy Statement does not apply to third-party websites, products or services, even if they link to the Sites and Services. We recommend you review the privacy practices of those third parties before connecting or accessing third party websites and disclosing any Personal Data. See the section titled Links to Other Sites for more information. This Privacy Statement also does not apply to Personal Data we may collect, use, or disclose when we are providing Managed Services Support or Cybersecurity & Risk Advisory Services to our clients, or otherwise acting on behalf of our clients. We do not determine the purpose or means of processing that Personal Data. Instead, you should refer to the privacy statement of the client to which we are providing those services to understand how that client (and us as its vendor) may collect, use, or disclose your Personal Data in that context.
Similarly, this Privacy Statement does not apply to our careers page hosted by Pinpoint or to Personal Data we collect or use about job applicants or employees, except for California residents. We collect, use, and disclose Personal Data about job applicants or employees for different reasons than other Personal Data we may collect, use, or disclose. For information about how we collect, use, or disclose Personal Data about job applicants or employees who are California residents, please see the Additional Information for Job Applicants and Employees About the CCPA section. For information about how we collect, use, or disclose Personal Data about job applicants or employees who are located in other countries, please contact us using information in the Contact Us section.
Without prejudice to your rights under applicable laws, this Privacy Statement is not contractual and does not form part of your contract with Blue Mantis or its affiliates or subsidiaries.
Any questions or requests regarding this Privacy Policy should be directed to your dedicated account manager, as assigned by Blue Mantis, or by contacting us using the information in the Contact Us section.
1. Types of Personal Data We Collect and Why
We may collect the following categories of Personal Data, for the purposes stated in the chart.
Category of Personal Data | Examples | Purpose of Collection and Use |
Identifiers | First and last name, contact information, device ID or IP address and user-generated content (including reviews and feedback) | Provide and enhance the Sites, Detect and prevent fraud, Market or advertise to you, Communicate with you, Comply with legal or regulatory obligations. |
Commercial and financial information | Products or services purchased, obtained, or considered; product and service usage history; payment history or account activity; financial or bank account information and other information relating to your financial institution, including payment card information; and/or other purchasing or consumer histories or tendencies | Provide and enhance the Sites, Detect and prevent fraud, Market or advertise to you, Communicate with you, Comply with legal or regulatory obligations. |
Internet or other electronic activity information | Browsing and app history; clickstream data; browser and operating system type; navigation paths; date/time stamps; cookie identifiers; clear gifs; Internet service provider (ISP); referring/exit pages; device identifiers; and other information about device characteristics and how you interact with our apps/Sites and Services | Provide and enhance the Sites, Detect and prevent fraud, Market or advertise to you, Communicate with you, Comply with legal or regulatory obligations. |
Geolocation data | Device location; geolocation; IP address; cell network data; and/or other similar locational data | Provide and enhance the Sites, Detect and prevent fraud, Market or advertise to you, Communicate with you, Comply with legal or regulatory obligations. |
Electronic information | Session replay | Provide and enhance the Sites. |
Professional or employment-related information | Employer name, professional contact information | Detect and prevent fraud, Market or advertise to you, Communicate with you, Comply with legal or regulatory obligations. |
Inference information | Inferences we may infer from other Personal Data we have collected, which may include preferences and characteristics | Provide and enhance the Sites, Detect and prevent fraud, Market or advertise to you, Communicate with you, Comply with legal or regulatory obligations. |
2. How We Collect Information
We may collect Personal Data from the following sources:
Sources of Personal Data | Categories of Personal Data We Collect |
Directly from you We may collect Personal Data from you when you interact with our Sites or Services, submit inquiries or request information from us, engage our services (by you or by your email or an entity within your employing enterprise), or otherwise contact or communicate with us. We may also collect Personal Data from you when we send you marketing information about our products, services, sales, events, and/or promotions via phone, email, or other means. We may also disclose information across our business units or brands to identify or facilitate potential sales opportunities. We may use Personal Data to improve how we reach you, the content we share with you, to conduct market research, and to improve business operations, our platform, and overall customer engagement. Finally, we may collect Personal Data from you when we process your requests to us, including sales and service requests (such as by field service personnel), and requests for information. | Identifiers, Commercial and financial information, Internet or other electronic activity information, Geolocation data, Electronic information, Professional or employment-related information, Inference information. |
Automatically We may collect Personal Data from you automatically when you visit the Sites or as you interact with us. Moreover, if you load or interact with a chatbot on the Site, Blue Mantis or its vendors may automatically collect additional information about your interactions with Blue Mantis and the chatbot, such as IP address, device and browser information, and the page on the Site that you are visiting. Blue Mantis uses Chat by Drift. Any automatically collected information, even if collected by Drift on Blue Mantis’s behalf, is subject to the Privacy Policy and is used and disclosed as described herein. See the Chat-based Communications and Cookie, Pixel, and Session Replay Policy sections for more information. | Internet or other electronic network activity, Geolocation data. |
Our service providers and third-party vendors The Sites may use third-party analytics services. These services may record mouse clicks, page views, mouse movements and scrolling activity and are used by Blue Mantis to analyze trends and administer the Sites. | Identifiers, Internet or other electronic activity information, Electronic information. |
Third parties We may collect Personal Data from third-party social media platforms and sites, such as when you engage with our social media pages, online communities and forums, and when you mention us on your own or other social media pages, online communities or forums. Please note that online forums may be publicly accessible and other individuals may view information you post in the forums. If you are involved in a business relationship with us, we may also obtain some limited information about you indirectly, for example from your colleagues or your company, or from publicly available sources such as the Internet and/or subscription-based services. | Identifiers, Internet or other electronic activity information, Professional or employment-related information. |
3. Parties To Whom We May Disclose Information
We disclose Personal Data (and may have sold or shared Personal Data for purposes of California law) as shown in the following table. For more information about California law, see the California Consumer Privacy Act (CCPA) section.
Categories of Third Party Recipient and Purpose for Disclosure | Categories of Personal Data We May Disclose |
Channel Partners We sell our services directly and through channel partners. When you contact us regarding purchasing one of our services, we may disclose your Personal Data to a channel partner in order to fulfill your request. | Identifiers, Professional or employment-related information. |
Affiliates We may disclose Personal Data to our business units, subsidiaries, joint ventures, brands, or other companies under our common control (collectively, “Affiliates”) for the purposes described in this Privacy Statement. We will require our Affiliates to honor this Privacy Statement. | Identifiers, Commercial and financial information, Internet or other electronic activity information, Geolocation data, Electronic information, Professional or employment-related information, Inference information. |
Our service providers and third-party vendors We use third-party vendors to perform operational functions related to our Sites and Services. Some of these vendors (e.g., marketing automation vendors or hosting providers) may have access to your Personal Data, but only as necessary to provide services to us. If the third-party vendor is our service provider, we have agreements in place with the vendors requiring your information to be kept confidential and reasonable data security measures to be used to protect it. We also disclose your Personal Data to vendors (for example, marketing automation vendors or hosting providers) as needed to assist us with business operations, but in such instances, these vendors are contractually required to keep your information confidential. | Identifiers, Internet or other electronic activity information, Electronic information, Professional or employment-related information. |
Marketing, Advertising, and Analytics Providers for Our Marketing and Brand Purposes We may disclose Personal Data to third-party providers for marketing, advertising, and analytics purposes. For additional information regarding our advertising practices, please see the Advertising section. We may also disclose Personal Data to third-party providers for commercial prospecting, product development, and to conduct product and brand perception and awareness surveys. | Identifiers, Commercial and financial information, Internet or other electronic activity information, Electronic information, Professional or employment-related information. |
Government entities We may disclose Personal Data to government entities and agencies, regulators, law enforcement, and other third parties, including to comply with applicable laws and regulations, to respond to a subpoena, search warrant, or pursuant to legal process, and to establish or exercise our legal rights or for fraud or crime-prevention purposes or for the protection of the rights, property, or safety of our company or third parties. We may also disclose Personal Data in relation to a known or suspected violation of our terms of use, fraud prevention or other unlawful use, including with entities assisting us with an investigation, or as may be required by applicable law. | Identifiers, Commercial and financial information, Internet or other electronic activity information, Geolocation data, Electronic information, Professional or employment-related information. |
Business partners We may engage third parties to perform certain functions on our behalf. To do so, we may disclose Personal Data to our third-party business partners and service providers in order to maintain and operate the Sites and Services and provide, improve, and personalize the Sites and Services, including to fulfill requests for the Services, and for other technical and processing functions, such as sending emails on our behalf and technical support. | Identifiers, Internet or other electronic activity information, Electronic information, Professional or employment-related information. |
Professional Service Firms We may disclose Personal Data to professional service firms in connection with our legal and regulatory obligations and to establish or exercise our rights and defend against claims, including, for example, auditors, law firms, and consultants. | Identifiers, Commercial and financial information, Internet or other electronic activity information, Geolocation data, Electronic information, Professional or employment-related information, Inference information. |
Successor organizations Subject to applicable law, we reserve the right to transfer some or all Personal Data in our possession to a successor organization in the event of a merger, acquisition, bankruptcy, or other sale or transfer of all or a portion of our assets. If any such transaction occurs, the purchaser will be entitled to use and disclose the Personal Data collected by us in the same manner that we are able to, and the purchaser will assume the rights and obligations regarding Personal Data as described in this privacy statement. | Identifiers, Internet or other electronic activity information, Electronic information, Professional or employment-related information. |
4. Chat-Based Communications
The Sites may include certain functionality permitting you to engage in real-time, direct communications with Blue Mantis representatives using live chat or to interact with automated self-service software through a chatbot. Blue Mantis uses Chat by Drift. When you interact with the chatbot on the Sites, all the information you choose to provide to the chatbot may be collected and associated with your name or your IP address and a transcript of your interactions or communications with or through the chatbot may be created and stored. You should not enter any information into the chatbot that you would not want saved. When you communicate with Blue Mantis through the chatbot, those communications are saved in order to process your inquiries, respond to your requests and improve Blue Mantis’s services. By interacting with the chatbot, you agree that your interactions with Blue Mantis may be stored or analyzed, including by Drift on Blue Mantis’s behalf.
5. Cookie, Pixel, and Session Replay Policy
a. Usage Info and Cookies
When you access the Sites, our servers automatically collect and record the Internet Protocol (“IP”) address associated with your computer. We may also collect additional information such as a device ID, browser type and version, the operating system of your device and language, country, the date and time of visits, your IP address, the pages viewed, time spent on the Sites, and the websites visited just before and just after a Site. This information is used to help us administer the Sites, and it is transmitted automatically by your web browser. This information may be appended to your profile information to remember your preferences, and diagnose technical problems.
We may use cookies to collect this information. Cookies are small data files sent by a website and stored on the computer or device at the request of that site. Cookies store information related to a user’s browser to enable us to recognize your device on return visits to the Sites and to remember your preferences.
Most browsers allow you to control cookies, including whether or not to accept them and how to remove them. If you want to block the use and saving of cookies from the Sites on to the computer’s hard drive, you should take the necessary steps within your web browser’s settings to block all cookies from the Services and external serving vendors. Please note that if you choose to erase or block your cookies, certain parts of our Services may not function correctly. For information on how to disable cookies, refer to your browser’s documentation.
We may also use web beacons, pixels, or similar collection mechanisms, and in certain circumstances may collect IP addresses, screen resolution and browser software and operating system types, clickstream patterns, dates and times that our site is accessed, and other categories of data.
b. Do-Not-Track
The Sites are not designed to support Do-Not-Track functionality. Do-Not-Track is a preference you can set on your web browser to inform websites that you do not want to be “tracked” by third parties. The Sites do not respond to Do-Not-Track signals as they do not track you when you leave a Site. Our third-party service providers, who provide ad serving, retargeting services and web analytics services to us, may not respond to Do-Not-Track signals. If an individual comes to a Site directly with a Do-Not-Track signal enabled on their browser, we do not look for the Do-Not-Track signal or respond to it; even if a Site looks for the Do-Not-Track signal, it does not respond to it.
c. Interest-Based Advertising
We do not display advertisements on the Sites but we do participate in interest-based advertising to place advertisements on unaffiliated sites using information you provide us when you interact with the Sites. Interest-based ads, also known as personalized ads, are ads that are targeted to you based on your web browsing and app usage over time and across websites or apps. For example, the Sites may use third-party ad servers, retargeting services, and web analytics systems, such as Google, to analyze aggregate web usage statistics and provide us the ability to display advertisements about our services to you when you have left our site.
You have the option to restrict the use of information for interest-based advertising and to opt-out of receiving interest-based ads. Some of these third parties may use cookies and other technologies to collect information about your online activities over time and across third-party websites or online services to deliver advertising based on your interests and preferences, as inferred from your browsing history. Some of these ads may be personalized, meaning that they are intended to be relevant to you based on information that those third-party Providers collect about your visits to this site and elsewhere over time.
To learn more about this type of advertising and how to opt-out of this form of advertising, you may either visit optout.aboutads.info to opt-out of sites and services participating in the Digital Advertising Alliance (“DAA”) self-regulatory program, or visit optout.networkadvertising.org to opt-out of this form of advertising by members of the Network Advertising Initiative (“NAI”). Note that electing to opt-out will not stop advertising from appearing in your browser or applications, although it may make the ads you see less relevant to your interests. This opt-out works through cookies set on a particular browser, so if you delete cookies from a web browser, or use a different browser, you will need to opt out again.
Your choice to opt out on a particular browser or device will apply only to the collection and use of information from that particular browser or device. Opting out on a particular device will not opt you out of information collection on other devices, nor will it limit cross-device sharing on those other devices. If you use different browsers on a device or multiple devices, for each browser and device you wish to opt out, please opt out each device and browser separately at optout.aboutads.info and at optout.networkadvertising.org.
d. Session Replay
We partner with third parties to capture how you use and interact with the Sites through behavioral metrics, heatmaps, and session replay. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. We use this information as described in the Types of Personal Data We Collect And Why section. Examples of the third parties we partner with are Microsoft Clarity and Microsoft Advertising, and for more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement. We do not use these technologies to collect information that is inconsistent with your intent, and we do not use it to record sensitive information related to credit cards. We do not provide information gathered to third parties other than our service providers.
6. Aggregated, De-identified, or Anonymized Data
We may create aggregated, de-identified, or anonymous information from Personal Data by removing certain data components (such as your name, email address, or linkable tracking ID) that makes the data identifiable, or through aggregation, obfuscation or other means. For example, we may use aggregated, de-identified, or anonymized information to understand how to improve or enhance the Sites. Subject to applicable law, our use of such aggregated, de-identified, or anonymized information is not Personal Data or subject to this privacy statement.
7. Your Choices
You have certain choices with respect to your Personal Data.
We may use your contact information to send you email messages regarding updates to the Sites, such as the publication of new Blue Mantis information and content, promotional offers, or to communicate with you about Blue Mantis. You may opt-out of receiving these emails at any time via the unsubscribe link contained in the email message.
We will communicate with you only according to your preferences provided to us. We may use your contact information to send you messages regarding updates to the Sites. You may opt-out of receiving these messages by following the unsubscribe link contained in the message, or by contacting us through the information contained in the Contact Us section. You may not be able to opt-out of receiving certain messages from us, such as transactional communications or legal notices.
8. Localization of Data Storage and Processing
a. Location of Our Operations
We are a global organization. Our Sites and Services are provided primarily in the United States, with supporting offices in Canada and India. If you are located outside of the United States, any information you provide to us will be transferred to, processed, and/or maintained in the United States. If you are located outside of the United States, the transfer of Personal Data may be necessary to provide you with the requested information and services and/or to perform any requested transaction.
b. Data Transfers
The provision of these services may involve the processing of Personal Data by companies located in countries outside the European Economic Area (international data transfers). However, it will only be done with countries that offer an adequate level of protection or have made available to us Standard Contractual Clauses (SCC) in accordance with the decision of the European Commission on data transfers from controllers in the EU to processors established outside the EU.
Specifically, information we collect from you might be processed in the United States, and by using these services you acknowledge and consent to the processing of your data in the United States.
9. Links to Other Sites
Our Sites may include social network sharing widgets that may provide information to their associated social networks or third-parties about your interactions with our web pages that you visit, even if you do not click on or otherwise interact with the plug-in or widget. Information is transmitted from your browser and may include an identifier assigned by the social network or third party, information about your browser type, operating system, device type, IP address, and the URL of the web page where the widget appears. If you use social networking tools or visit social networking sites, we encourage you to read their privacy disclosures to learn what information they collect, use, and disclose.
10. Children’s Privacy
The Sites and the services offered are not directed to or intended for use by children under 13 years of age. We do not knowingly collect or solicit Personal Data from anyone under the age of 13, or knowingly allow such persons to register for our services, without parental consent. No one under age 13 may provide any Personal Data to us or on the Sites. If you are under 13, please do not attempt to register for the Sites or send any information about yourself to us, including your name, address, telephone number, or email address. If we learn that we have inadvertently collected Personal Data from an individual under age 13 without parental consent, we will take steps to delete the data as permitted by law. If you believe that we might have any information from or about an individual under age 13, please contact us using the information in the Contact Us section.
11. Additional Information For Individuals In California
a. California’s “Shine The Light” Law
Under California’s “Shine The Light” law (California Civil Code § 1798.83), California residents are entitled to request, once a year and free of charge, certain information regarding what types of their Personal Data may be disclosed to third parties and, in some cases, affiliates, for those third parties’ and affiliates’ own direct marketing purposes. Under this law, a business is to either provide California customers certain information upon request or permit California customers to opt-out of this type of disclosure. You may request this information by contacting us using the information in the Contact Us section and indicate in the email subject line, “California Shine The Light Request.” Please include your mailing address, state of residence, and email address with your request.
b. The California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act, gives California residents enhanced rights with respect to their Personal Data that is collected by businesses.
First, California residents may opt-out of having their Personal Data sold to or shared with other persons or parties.
Second, California residents have a right to know:
What specific pieces of information a business has about the resident;
Categories of Personal Data it has collected about the resident;
Categories of sources from which the Personal Data is collected;
Categories of Personal Data that the business sold, shared, or disclosed for a business purpose about the resident;
Categories of third parties to whom the Personal Data was sold, shared, or disclosed for a business purpose; and
The business or commercial purpose for collecting, selling, or sharing Personal Data.
Third, California residents can request that the Personal Data a business has collected from them be deleted from the business’s systems and records, subject to certain exceptions.
Fourth, California residents can request that inaccurate Personal Data a business maintains about them be corrected.
Fifth, California residents can request to limit use and disclosure of their sensitive Personal Data. Blue Mantis does not process sensitive Personal Data of California residents, except as described in the Additional Information for Job Applicants and Employees About the CCPA section.
Blue Mantis is covered under the CCPA as we collect and process the Personal Data of California residents. This privacy statement provides the required notices to California residents. The CCPA also prohibits covered businesses from providing discriminatory treatment to California residents if they exercise their rights under the Act.
The CCPA defines “sale” to include data transfers for monetary or other valuable consideration. We do not sell personal information about visitors to the Sites for money; however, based on the CCPA’s broader definitions of “sell” and “share,” we may “sell” or “share” your personal information as the CCPA defines those terms. As stated above in the data collection sections, we collect and transmit your data to third-party service providers in order to deliver services to you. The CCPA requires us to state that we do not have actual knowledge that we have sold or shared the Personal Data of California residents under 16 years of age.
To make a “do not sell or share” request, “request to know,” “request to delete,” or “request to correct” your Personal Data, please contact us by mail or email using the information in the Contact Us section. (Please put “California Do Not Sell or Share,” “California Request to Know,” “California Request to Delete,” or “California Request to Correct” in the subject heading of your email.)
We will confirm receipt of your request to know, delete, or correct within 10 days along with a description of what steps we will take to verify and respond. We must provide the requested information or delete your Personal Data within 45 days of receipt of your request but can use an additional 45 days; we will let you know if additional time is needed.
When contacting us, we may ask you to provide certain, limited Personal Data, such as your name, e-mail address and/or username to verify your request and to match with our records and systems. We will not retain this Personal Data or use it for any other purpose. To inquire about exercising these rights, please contact us using the information in the Contact Us section.
c. Additional Information for Job Applicants and Employees About the CCPA
This subsection contains information about how we may collect, use, and disclose the Personal Data about California residents related to any job application or employment with us. This subsection does not contain information about how we may collect, use, and disclose Personal Data about California residents not related to any job application or employment with us, which is described in the remainder of this Policy. This subsection does not apply to non-California residents.
For example, if you are a California resident and apply for a job with us through the Careers page on our Website, the Policy outside of this subsection explains how we may collect, use, or disclose the Personal Data we collect or generate about you as you browse or navigate our website. This subsection explains how we may collect, use, or disclose the Personal Data you submit by clicking “Submit Application” on our Website to apply for a job.
In the preceding 12 months, we may have collected the following categories of information about job applicants and employees who are California residents:
Category of Personal Data | Examples | Purpose of Collection and Use |
Identifiers | Name, address, email address, phone number, social security number, online identifier | Communicate with job applicants and employees, Make employment and compensation decisions, Comply with applicable law. |
California Consumer Records law information | Name, social security number, address, telephone number, passport number, driver’s license or state identification card number, education, employment, employment history, bank account number, other financial information, medical information, health insurance information | Communicate with job applicants and employees, Make employment and compensation decisions, Provide employee benefits and compensation, Comply with applicable law. |
Characteristics of protected classifications under California or federal law | Gender, race, ethnicity, veteran status, disability status, sexual orientation, national origin, criminal records | Comply with applicable law. |
Financial information | Bank account information | Provide employee benefits and compensation. |
Internet or other electronic network activity | Network activity, network connections, IP address | Detect and prevent fraud and malicious activity, Ensure network and information security and compliance with our IT and data privacy and security policies, Comply with applicable law. |
Geolocation information | IP geolocation | Detect and prevent fraud and malicious activity, Ensure network and information security and compliance with our IT and data privacy security policies. |
Audiovisual information | Recording of calls or meetings, headshots, sales presentations | Record keeping of meetings as business records, Make employment and compensation decisions. |
Professional or employment-related information | Job titles, compensation, professional experience, employment history, references, education, degrees | Make employment and compensation decisions. |
Education information | Educational institutions attended, dates of attendance, degrees granted | Make employment and compensation decisions. |
Inference information | Inferences about a job applicant’s or employee’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes | Make employment and compensation decisions, Comply with applicable law. |
Sensitive personal information | Social Security number, driver’s license number, passport number, or state-issued identification card number; Racial or ethnic origin; Health information for purposes of ADA reasonable accommodations | Comply with applicable law. |
We may have collected Personal Data about job applicants or employees from the following sources:
Category of Sources | Category of Personal Data about Job Applicants and Employees |
Through job applications and the application and hiring process We may collect Personal Data about job applicants and employees through job applications and related application materials that they submit to us. | Identifiers, California Consumer Records law information, Characteristics of protected classifications under California or federal law, Audiovisual information, Professional or employment-related information, Education information, Sensitive personal information (racial or ethnic origin, health information). |
From employees We may collect Personal Data from employees as part of the onboarding process and continued employment process. We may also collect additional Personal Data automatically from employees as they use our information and communication systems. | Identifiers, California Consumer Records law information, Financial information, Internet or other electronic network activity, Geolocation information, Audiovisual information, Professional or employment-related information, Inference information, Sensitive personal information (Social Security number, driver’s license number, passport number, or state-issued identification card number, health information). |
Third-party suppliers We may collect Personal Data about job applicants or employees through third-party suppliers, which may be Service Providers under the CCPA or not. We use these third-party suppliers to conduct background checks, source application information (such as when an individual applies for a position through LinkedIn), or to identify potential candidates who may be a good fit to work with us (such as outside recruitment agencies). | Identifiers, California Consumer Records law information, Professional or employment-related information, Education information, Inference information. |
Other third parties We may collect Personal Data about job applicants or employees through other third parties, such as through reference calls during the hiring process or communicating with other entities to track and maintain appropriate records of education, training, and development activities, or from healthcare providers, as necessary to make hiring, employment, and promotion decisions. | Identifiers, California Consumer Records law information, Professional or employment-related information, Education information, Inference information. |
We disclose Personal Data of job applicants and employees as follows, and we may have done so in the past 12 months:
Category of Third Party Recipient And Purpose Of Disclosure | Category of Personal Data about Job Applicants and Employees |
Service providers We engage third-party service providers to perform a variety of services on our behalf, which may mean that we have to disclose Personal Data about job applicants and employees to these third parties. For example, we may disclose Personal Data to a payroll provider in order to process payroll, or to a SaaS provider to provide software used by employees to fulfill their job duties and discharge their responsibilities. When we disclose Personal Data in this way, we put in place appropriate measures to make sure that our service providers keep the Personal Data confidential and secure. | Identifiers, California Consumer Records law information, Characteristics of protected classifications under California or federal law, Financial information, Internet or other electronic network activity, Audiovisual information, Geolocation information, Professional or employment-related information, Education information, Inference information, Sensitive personal information. |
Financial institutions We may disclose Personal Data about employees to financial institutions in order to pay employee compensation. | Identifiers, Financial information, Professional or employment-related information. |
Benefit plans We may disclose Personal Data about employees or their dependents to our benefits providers in order to provide benefits to our employees and their dependents, such as health, dental, and disability insurance. | Identifiers, California Consumer Records law information, Characteristics of protected classifications under California or federal law, Inference information, Sensitive personal information (racial or ethnic origin). |
Professional Services Firms We may disclose Personal Data about job applicants or employees to professional services firms that help us comply with our legal and regulatory obligations and establish, enforce, and otherwise exercise our rights and defend against claims, including, for example, auditors, law firms, and consultants. | Identifiers, California Consumer Records law information, Characteristics of protected classifications under California or federal law, Financial information, Internet or other electronic network activity, Geolocation information, Audiovisual information, Professional or employment-related information, Education information, Inference information, Sensitive personal information. |
Parents, Affiliates, and Subsidiaries We may disclose Personal Data about job applicants and employees to our business units, subsidiaries, joint ventures, brands, or other companies under our common control (collectively, “Affiliates”), in order to make employment or hiring decisions, to provide employee benefits and compensation, or to otherwise manage and operate our companies. When we disclose Personal Data about job applicants or employees to our affiliates, their collection, use, and disclosure of that Personal Data is subject to this Policy. | Identifiers, California Consumer Records law information, Characteristics of protected classifications under California or federal law, Financial information, Internet or other electronic network activity, Geolocation information, Audiovisual information, Professional or employment-related information, Education information, Inference information, Sensitive personal information. |
Government Entities We may disclose Personal Data about job applicants and employees to Government Entities and law enforcement officials, for various reasons, including as required by law or regulation or to confirm or verify a California resident’s right to work in the United States. | Identifiers, California Consumer Records law information, Characteristics of protected classifications under California or federal law, Financial information, Internet or other electronic network activity, Audiovisual information, Geolocation information, Professional or employment-related information, Education information, Inference information, Sensitive personal information. |
Merger and Acquisition Activity We may disclose Personal Data about job applicants or employees to third parties in connection with the proposed or actual financing, insuring, sale, securitization, assignment, or other disposal of all or part of our business or assets (including accounts) for the purposes of evaluating and performing the proposed transaction. | Identifiers, California Consumer Records law information, Characteristics of protected classifications under California or federal law, Financial information, Internet or other electronic network activity, Geolocation information, Audiovisual information, Professional or employment-related information, Education information, Inference information, Sensitive personal information. |
The CCPA requires us to state that we do not use or disclose sensitive personal information about job applicants or employees for purposes other than to perform the services reasonably expected by an average job applicant or employee who applies for a job or is employed by us; to prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted Personal Data; to resist malicious, deceptive, fraudulent, or illegal actions directed at us and to prosecute those responsible for those actions; or to collect or process sensitive personal information where such collection or processing is for the purpose of inferring characteristics about a job applicant. We do not sell or share the Personal Data related to and collected through any job application or employment with us described in this section, and we have not done so in the past 12 months. For more information about how we sell Personal Data of California residents, see the California Consumer Privacy Act (CCPA) section. The CCPA requires us to state that we do not have actual knowledge that we have sold or shared Personal Data of job applicants or employees under 16 years of age. We do not have employees under 18 years of age.
12. Additional Information For Individuals In Colorado
We may be subject to the Colorado Privacy Act based on our interactions with Colorado residents and our use of their Personal Data. The Colorado Privacy Act provides Colorado residents enhanced rights with respect to their Personal Data when acting in an individual or household context. If you are using products and services in the context of your employment, this law may not apply to you. It does not apply to Colorado residents who are acting in commercial or employment contexts, as job applicants, or as beneficiaries of someone acting in an employment context.
In this section, “CPA Personal Data” refers to Personal Data that is linked or reasonably linkable to an identified or identifiable Colorado resident. CPA Personal Data does not include de-identified or publicly available information, as defined in the Colorado Privacy Act.
First, a Colorado resident may opt out of processing their CPA Personal Data for purposes of targeted advertising, the sale of their CPA Personal Data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning that Colorado resident.
Second, a Colorado resident has the right to confirm whether we are processing CPA Personal Data concerning them and to access their CPA Personal Data. As part of a request for access, the Colorado resident may also request to receive their CPA Personal Data in a portable and, if technically feasible, readily usable format.
Third, a Colorado resident may have the right to correct inaccuracies in their CPA Personal Data we hold.
Fourth, a Colorado resident may have the right to request we delete CPA Personal Data concerning them.
To exercise your rights, please call or email us using the information in the Contact Us section. If you email us, please put in the subject line of your email the right you are seeking to invoke: “Colorado Right to Opt Out,” “Colorado Right to Access,” “Colorado Right to Correct,” or “Colorado Right to Delete.”
You may submit multiple requests at once through our webform or in an email. Subject to certain exceptions, ordinarily there is no cost for submitting your first request; if you submit multiple requests in a twelve-month period, we may charge you a fee for answering your request. We are permitted to use commercially reasonable efforts to authenticate you are who you say you are, and if you are submitting the request on behalf of another, that you have the authority to do so. So, we may need to ask you for more information, in light of the rights exercised, the type, sensitivity, value, or volume of Personal Data, the level of possible harm if we improperly grant the request, and the cost to us. If we cannot authenticate you or your authority, we will deny the request.
If you submit a request, we will tell you what the result is of your request (including, if you submit a Right to Access, your CPA Personal Data) without undue delay and within 45 days after we receive your request. We may extend that deadline by 45 days, to 90 days in total, in some cases. If we extend the deadline, we will tell you that and why.
The Colorado Privacy Act includes exceptions for Personal Data regulated under other laws or maintained for certain reasons or in certain contexts. For example, the Colorado Privacy Act does not apply to publicly available information, including information that we reasonably believe Colorado residents have lawfully made available to the general public. As another example, we will not delete CPA Personal Data when it is necessary to maintain it to comply with a legal obligation.
If we don’t grant your request, we will tell you why we did not. You may appeal our decision by emailing us using the information in the Contact Us section with the subject line “Appeal of Request” and including our response to your request. We will also include this information in our response to your request. If you appeal our decision, we have 45 days to respond. We may also extend our deadline by 45 days, to 90 days in total, in some cases. If we extend the deadline, we will tell you that and why. If you have concerns about the results of your appeal, you may contact the Colorado attorney general.
In addition, when you visit our website, we may use the information we collect automatically through online interactions, as described above in the Cookie, Pixel, and Session Replay Policy section for targeted advertising, which we may disclose or make available to advertising and social media networks.
13. Additional Information For Individuals In Connecticut
We may be subject to the Connecticut Data Privacy Act based on our interactions with Connecticut residents and our use of their Personal Data. This law provides Connecticut residents enhanced rights with respect to their Personal Data when they are not acting solely in a commercial or employment context (such as a B2B communication) when interacting with us. If you are using our products and services in connection with employment, these disclosures are unlikely to apply to you.
In this section, “CTDPA Personal Data” refers to Personal Data that is linked or reasonably linkable to an identified or identifiable Connecticut resident. CTDPA Personal Data does not include de-identified or publicly available information, as defined in the Connecticut Data Privacy Act, or to information processed or maintained in the course of acting as an agent or independent contractor of us or another company, to the extent that the data is collected and used within the context of that role.
First, a Connecticut resident may have the right to confirm whether we are processing CTDPA Personal Data concerning them and to access their CTDPA Personal Data.
Second, a Connecticut resident may have the right to correct inaccuracies in their CTDPA Personal Data we hold.
Third, a Connecticut resident may have the right to request we delete CTDPA Personal Data concerning them.
Fourth, a Connecticut resident may also request to receive their CTDPA Personal Data in a portable and, if technically feasible, readily usable format.
Fifth, a Connecticut resident may opt out of processing their CTDPA Personal Data for purposes of targeted advertising, the sale of their CTDPA Personal Data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning that Connecticut resident.
To exercise your rights, please call or email us using the information in the Contact Us section. If you email us, please put in the subject line of your email the right you are seeking to invoke: “Connecticut Right to Access,” “Connecticut Right to Correct,” “Connecticut Right to Delete,” “Connecticut Right to Portability,” and “Connecticut Right to Opt Out.”
You may submit multiple requests at once through our webform or in an email. Subject to certain exceptions, ordinarily there is no cost for submitting your first request; if you submit multiple requests in a twelve-month period, we may charge you a reasonable fee to cover the administrative costs of complying with your requests or decline to act on your requests. For requests other than a Right to Opt Out, we are permitted to use commercially reasonable efforts to authenticate you are who you say you are and if you are making a request on behalf of another, that you have the authority to do so. If we are unable to do so, we may request that you provide additional information reasonably necessary to authenticate you. If we cannot authenticate you or your authority, we will deny the request. If you submit a Right to Opt Out request, we are permitted to deny the request if we have a good faith, reasonable and documented belief that the request is fraudulent, and we will tell you that and why.
If you submit a request, we will tell you what the result is of your request (including, if you submit a Right to Access, your CTDPA Personal Data) without undue delay and within 45 days after we receive your request. We may extend that deadline by 45 days, to 90 days in total, in some cases. If we extend the deadline, we will tell you that and why.
Connecticut’s law includes exceptions for Personal Data regulated under other laws or maintained for certain reasons or in certain contexts. For example, it does not apply to publicly available information, including information that we reasonably believe Connecticut residents have lawfully made available to the general public. As another example, we will not delete CTDPA Personal Data when it is necessary to maintain it to comply with a legal obligation.
If we don’t grant your request, we will tell you why we did not. You may appeal our decision by emailing us using the information in the Contact Us section with the subject line “Appeal of Request” and including our response to your request. We will also include this information in our response to your request. If you appeal our decision, we have 60 days to respond.
In addition, when you visit our website, we may use the information we collect automatically through online interactions, as described above in the Cookie, Pixel, and Session Replay Policy section for targeted advertising, which we may disclose or make available to advertising and social media networks.
14. Additional Information For Individuals In Montana
Beginning October 1, 2024, we may be subject to the Montana Consumer Data Privacy Act based on our interactions with Montana residents and our use of their Personal Data. This law provides Oregon residents enhanced rights with respect to their Personal Data when they are not acting in a commercial or employment context (such as a B2B communication) or as an employee, owner, director, officer, or contractor of an entity or agency when interacting with us. If you are using our products and services in connection with employment, these disclosures are unlikely to apply to you.
In this section, “MCDPA Personal Data” refers to Personal Data that is linked or reasonably linkable to an identified or identifiable Montana resident. MCDPA Personal Data does not include de-identified or publicly available information, as defined in the Montana Consumer Data Privacy Act, or to information processed or maintained in the course of acting as an agent or independent contractor of us or another company, to the extent that the data is collected and used within the context of that role.
First, a Montana resident may have the right to confirm whether we are processing MCDPA Personal Data concerning them and to access their MCDPA Personal Data.
Second, a Montana resident may have the right to correct inaccuracies in their MCDPA Personal Data we hold.
Third, a Montana resident may have the right to request we delete MCDPA Personal Data concerning them.
Fourth, a Montana resident may also request to receive their MCDPA Personal Data in a portable and, if technically feasible, readily usable format.
Fifth, a Montana resident may opt out of processing their MCDPA Personal Data for purposes of targeted advertising, the sale of their MCDPA Personal Data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning that Montana resident.
To exercise your rights, please call or email us using the information in the Contact Us section. If you email us, please put in the subject line of your email the right you are seeking to invoke: “Montana Right to Access,” “Montana Right to Correct,” “Montana Right to Delete,” “Montana Right to Portability,” and “Montana Right to Opt Out.”
You may submit multiple requests at once through our webform or in an email. Subject to certain exceptions, ordinarily there is no cost for submitting your first request; if you submit multiple requests in a twelve-month period, we may charge you a reasonable fee to cover the administrative costs of complying with your requests or decline to act on your requests. For requests other than a Right to Opt Out, we are permitted to use commercially reasonable efforts to authenticate you are who you say you are and if you are making a request on behalf of another, that you have the authority to do so. If we are unable to do so, we may request that you provide additional information reasonably necessary to authenticate you. If we cannot authenticate you or your authority, we will deny the request. If you submit a Right to Opt Out request, we are permitted to deny the request if we have a good faith, reasonable, and documented belief that the request is fraudulent, and we will tell you that and why.
If you submit a request, we will tell you what the result is of your request (including, if you submit a Right to Access, your MCDPA Personal Data) without undue delay and within 45 days after we receive your request.
Montana’s law includes exceptions for Personal Data regulated under other laws or maintained for certain reasons or in certain contexts. For example, it does not apply to publicly available information, including information that we reasonably believe Montana residents have lawfully made available to the general public. As another example, we will not delete MCDPA Personal Data when it is necessary to maintain it to comply with a legal obligation.
If we don’t grant your request, we will tell you why we did not. You may appeal our decision by emailing us using the information in the Contact Us section with the subject line “Appeal of Request” and including our response to your request. We will also include this information in our response to your request. If you appeal our decision, we have 60 days to respond.
In addition, when you visit our website, we may use the information we collect automatically through online interactions, as described above in the Cookie, Pixel, and Session Replay Policy section for targeted advertising, which we may disclose or make available to advertising and social media networks.
15. Additional Information For Individuals In Nevada
If you are a Nevada resident, Nevada law provides you with a limited right to opt out of the sale of certain types of your Personal Data that we may collect through the Internet, which Nevada law refers to as “covered information.”
We do not sell covered information under Nevada law.
Nonetheless, if you wish to exercise your right to direct us not to sell your covered information, please email us using the information in the Contact Us section, with the subject line “Nevada Right to Opt Out.” We are permitted to use commercially reasonable means to authenticate you are who you say you are. If we cannot authenticate you, we will deny the request.
If you submit a do-not-sell request, we will respond to your request within 60 days after we receive your request. We may extend that deadline by 30 days, to 90 days in total, if we determine it is reasonably necessary. If we extend the deadline, we will tell you that.
16. Additional Information for Individuals in Oregon
We may be subject to the Oregon Consumer Privacy Act based on our interactions with Oregon residents and our use of their Personal Data. This law provides Oregon residents enhanced rights with respect to their Personal Data when they are not acting in a commercial or employment context (such as a B2B communication) when interacting with us. If you are using our products and services in connection with employment, these disclosures are unlikely to apply to you.
In this section, “OCPA Personal Data” refers to Personal Data that is linked or reasonably linkable to an identified or identifiable Oregon resident. OCPA Personal Data does not include de-identified or publicly available information, as defined in the Oregon Consumer Privacy Act, or to information processed or maintained in the course of acting as an agent or independent contractor of us or another company, to the extent that the data is collected and used within the context of that role.
First, an Oregon resident may have the right to confirm whether we are processing OCPA Personal Data concerning them and to access their OCPA Personal Data.
Second, an Oregon resident may have the right to correct inaccuracies in their OCPA Personal Data we hold.
Third, an Oregon resident may have the right to request we delete OCPA Personal Data concerning them.
Fourth, an Oregon resident may also request to receive their OCPA Personal Data in a portable and, if technically feasible, readily usable format.
Fifth, an Oregon resident may opt out of processing their OCPA Personal Data for purposes of targeted advertising, the sale of their OCPA Personal Data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning that Oregon resident.
Sixth, an Oregon resident may have the right to request a list of third parties, other than natural persons, to which the Oregon resident’s OCPA Personal Data was disclosed.
To exercise your rights, please call or email us using the information in the Contact Us section. If you email us, please put in the subject line of your email the right you are seeking to invoke: “Oregon Right to Access,” “Oregon Right to Correct,” “Oregon Right to Delete,” “Oregon Right to Portability,” “Oregon Right to Opt Out,” and “Oregon Right to Third Party Access.”
You may submit multiple requests at once through our webform or in an email. Ordinarily there is no cost for submitting your first request; if you submit multiple requests in a twelve-month period, we may charge you a reasonable fee to cover the administrative costs of complying with your requests or decline to act on your requests. For requests other than a Right to Opt Out, we are permitted to use commercially reasonable efforts to authenticate you are who you say you are and if you are making a request on behalf of another, that you have the authority to do so. If we are unable to do so, we may request that you provide additional information reasonably necessary to authenticate you. If we cannot authenticate you or your authority, we will deny the request. If you submit a Right to Opt Out request, we are permitted to deny the request if we have a good faith, reasonable, and documented belief that the request is fraudulent, and we will tell you that and why.
If you submit a request, we will tell you what the result is of your request (including, if you submit a Right to Access, your OCPA Personal Data) without undue delay and within 45 days after we receive your request. In certain circumstances, we can extend our time to respond by 45 days, in which case we will tell you that and why.
Oregon’s law includes exceptions for Personal Data regulated under other laws or maintained for certain reasons or in certain contexts. For example, it does not apply to publicly available information, including information that we reasonably believe Oregon residents have lawfully made available to the general public. As another example, we will not delete OCPA Personal Data when it is necessary to maintain it to comply with a legal obligation.
If we don’t grant your request, we will tell you why we did not. You may appeal our decision by emailing us using the information in the Contact Us section with the subject line “Appeal of Request” and including our response to your request. We will also include this information in our response to your request. If you appeal our decision, we have 45 days to respond.
In addition, when you visit our website, we may use the information we collect automatically through online interactions, as described above in the Cookie, Pixel, and Session Replay Policy section for targeted advertising, which we may disclose or make available to advertising and social media networks.
17. Additional Information for Individuals in Texas
We may be subject to the Texas Data Privacy & Security Act based on our interactions with Texas residents and our use of their Personal Data. This law provides Texas residents enhanced rights with respect to their Personal Data when they are not acting in a commercial or employment context (such as a B2B communication) when interacting with us. If you are using our products and services in connection with employment, these disclosures are unlikely to apply to you.
In this section, “TDPSA Personal Data” refers to Personal Data that is linked or reasonably linkable to an identified or identifiable Texas resident. TDPSA Personal Data does not include de-identified or publicly available information, as defined in the Texas Data Privacy & Security Act, or to information processed or maintained in the course of acting as an agent or independent contractor of us or another company, to the extent that the data is collected and used within the context of that role.
First, a Texas resident may have the right to confirm whether we are processing TDPSA Personal Data concerning them and to access their TDPSA Personal Data.
Second, a Texas resident may have the right to correct inaccuracies in their TDPSA Personal Data we hold.
Third, a Texas resident may have the right to request we delete TDPSA Personal Data concerning them.
Fourth, a Texas resident may also request to receive their TDPSA Personal Data in a portable and, if technically feasible, readily usable format.
Fifth, a Texas resident may opt out of processing their TDPSA Personal Data for purposes of targeted advertising, the sale of their TDPSA Personal Data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning that Texas resident.
To exercise your rights, please call or email us using the information in the Contact Us section. If you email us, please put in the subject line of your email the right you are seeking to invoke: “Texas Right to Access,” “Texas Right to Correct,” “Texas Right to Delete,” “Texas Right to Portability,” and “Texas Right to Opt Out.”
You may submit multiple requests at once through our webform or in an email. Subject to certain exceptions, ordinarily there is no cost for submitting your first two requests; if you submit more than two requests in a twelve-month period, we may charge you a reasonable fee to cover the administrative costs of complying with your requests or decline to act on your requests. For requests other than a Right to Opt Out, we are permitted to use commercially reasonable efforts to authenticate that you are who you say you are and, if you are making a request on behalf of another, that you have the authority to do so. If we are unable to do so, we may request that you provide additional information reasonably necessary to authenticate you. If we cannot authenticate you or your authority, we will deny the request. If you submit a Right to Opt Out request, we are permitted to deny the request if we have a good faith, reasonable, and documented belief that the request is fraudulent, and we will tell you that and why.
If you submit a request, we will tell you what the result is of your request (including, if you submit a Right to Access, your TDPSA Personal Data) without undue delay and within 45 days after we receive your request. In certain circumstances, we can extend our time to respond by 45 days, in which case we will tell you that and why.
Texas’s law includes exceptions for Personal Data regulated under other laws or maintained for certain reasons or in certain contexts. For example, it does not apply to publicly available information, including information that we reasonably believe Texas residents have lawfully made available to the general public. As another example, we will not delete TDPSA Personal Data when it is necessary to maintain it to comply with a legal obligation.
If we don’t grant your request, we will tell you why we did not. You may appeal our decision by emailing us using the information in the Contact Us section with the subject line “Appeal of Request” and including our response to your request. We will also include this information in our response to your request. If you appeal our decision, we have 60 days to respond.
In addition, when you visit our website, we may use the information we collect automatically through online interactions, as described above in the Cookie, Pixel, and Session Replay Policy section for targeted advertising, which we may disclose or make available to advertising and social media networks.
18. Additional Information For Individuals in Utah
We may be subject to the Utah Consumer Privacy Act based on our interactions with Utah residents and our use of their Personal Data. The Utah Consumer Privacy Act provides Utah residents enhanced rights with respect to their Personal Data when acting in an individual or household context, but not when acting in a commercial or employment context. If you are using our products and services in connection with employment or an application for employment, these disclosures are unlikely to apply to you.
In this section, “UCPA Personal Data” refers to Personal Data that is linked or reasonably linkable to an identified or identifiable Utah resident. UCPA Personal Data does not include de-identified or publicly available information, as defined in the Utah Consumer Privacy Act, or information processed or maintained in the course of acting as an agent or independent contractor of us or another company, to the extent that the data is collected and used within the context of that role.
First, a Utah resident has the right to confirm whether we are processing UCPA Personal Data concerning them and to access their UCPA Personal Data.
Second, a Utah resident may have the right to request we delete UCPA Personal Data concerning them.
Third, a Utah resident may also request to receive their UCPA Personal Data that they provided to us in a portable and, if technically feasible, readily usable format.
Fourth, a Utah resident may opt out of processing their UCPA Personal Data for purposes of targeted advertising or the sale of their UCPA Personal Data.
To exercise your rights, please call or email us using the information in the Contact Us section. If you email us, please put in the subject line of your email the right you are seeking to invoke: “Utah Right to Access,” “Utah Right to Delete,” “Utah Right to Portability,” or “Utah Right to Opt Out.”
You may submit multiple requests at once in an email. Subject to certain exceptions, ordinarily there is no cost for submitting your first request; if you submit more than one request in a twelve-month period, we may charge you a reasonable fee to cover the administrative costs of complying with your requests or decline to act on your requests. We are permitted to use commercially reasonable efforts to authenticate you are who you say you are, and if we are unable to do so, we may request that you provide additional information reasonably necessary to authenticate you. If we cannot authenticate you or your authority, we will deny the request.
If you submit a request, we will tell you what the result is of your request (including, if you submit a Right to Access, your UCPA Personal Data) without undue delay and within 45 days after we receive your request. We may extend that deadline by 45 days, to 90 days in total, in some cases. If we extend the deadline, we will tell you that and why.
The Utah Consumer Privacy Act includes exceptions for Personal Data regulated under other laws or maintained for certain reasons or in certain contexts. For example, the Utah Consumer Privacy Act does not apply to publicly available information, including information that we reasonably believe Utah residents have lawfully made available to the general public. As another example, we will not delete UCPA Personal Data when it is necessary to maintain it to comply with a legal obligation.
In addition, when you visit our website, we may use the information we collect automatically through online interactions, as described above in the Cookie, Pixel, and Session Replay Policy section for targeted advertising, which we may disclose or make available to advertising and social media networks.
19. Additional Information for Individuals in Virginia
We may be subject to the Virginia Consumer Data Protection Act based on our interactions with Virginia residents and our use of their Personal Data. The Virginia Consumer Data Protection Act provides Virginia residents enhanced rights with respect to their Personal Data when acting in an individual or household context, but not when they are acting in a commercial or employment context. If you are using our products and services in connection with employment, these disclosures are unlikely to apply to you.
In this section, “CDPA Personal Data” refers to Personal Data that is linked or reasonably linkable to an identified or identifiable Virginia resident. CDPA Personal Data does not include de-identified or publicly available information, as defined in the Virginia Consumer Data Protection Act, or information processed or maintained in the course of acting as an agent or independent contractor of us or another company, to the extent that the data is collected and used within the context of that role.
First, a Virginia resident may opt out of processing their CDPA Personal Data for purposes of targeted advertising, the sale of their CDPA Personal Data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning that Virginia resident.
Second, a Virginia resident has the right to confirm whether we are processing CDPA Personal Data concerning them and to access their CDPA Personal Data.
Third, a Virginia resident may also request to receive their CDPA Personal Data in a portable and, if technically feasible, readily usable format.
Fourth, a Virginia resident may have the right to correct inaccuracies in their CDPA Personal Data we hold.
Fifth, a Virginia resident may have the right to request we delete CDPA Personal Data concerning them.
To exercise your rights, please call or email us using the information in the Contact Us section. If you email us, please put in the subject line of your email the right you are seeking to invoke: “Virginia Right to Opt Out,” “Virginia Right to Access,” “Virginia Right to Portability,” “Virginia Right to Correct,” or “Virginia Right to Delete.”
You may submit multiple requests at once in an email. Subject to certain exceptions, ordinarily there is no cost for submitting your first two requests; if you submit more than two requests in a twelve-month period, we may charge you a reasonable fee to cover the administrative costs of complying with your requests or decline to act on your requests. We are permitted to use commercially reasonable efforts to authenticate you are who you say you are, and if we are unable to do so, we may request that you provide additional information reasonably necessary to authenticate you. If we cannot authenticate you or your authority, we will deny the request.
If you submit a request, we will tell you what the result is of your request (including, if you submit a Right to Access, your CDPA Personal Data) without undue delay and within 45 days after we receive your request. We may extend that deadline by 45 days, to 90 days in total, in some cases. If we extend the deadline, we will tell you that and why.
The Virginia Consumer Data Protection Act includes exceptions for Personal Data regulated under other laws or maintained for certain reasons or in certain contexts. For example, the Virginia Consumer Data Protection Act does not apply to publicly available information, including information that we reasonably believe Virginia residents have lawfully made available to the general public. As another example, we will not delete CDPA Personal Data when it is necessary to maintain it to comply with a legal obligation.
If we don’t grant your request, we will tell you why we did not. You may appeal our decision by emailing us using the information in the Contact Us section with the subject line “Appeal of Request” and including our response to your request. We will also include this information in our response to your request. If you appeal our decision, we have 60 days to respond.
In addition, when you visit our website, we may use the information we collect automatically through online interactions, as described above in the Cookie, Pixel, and Session Replay Policy section for targeted advertising, which we may disclose or make available to advertising and social media networks.
20. Additional Information For Individuals in the European Economic Area or the United Kingdom
a. General
The General Data Protection Regulation (GDPR) governs processing of Personal Data by organizations in the European Economic Area or about individuals located in the European Economic Area. The current members of the European Economic Area are Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and Sweden.
The UK GDPR governs processing of Personal Data by organizations in the United Kingdom or about individuals located in the United Kingdom.
The controller of this website is Blue Mantis, Inc., which may be contacted using the information in the Contact Us section.
Basis for processing your Personal Data. We will process your Personal Data based upon your consent, based on legitimate interests, or as required by our legal obligations within the European Economic Area or United Kingdom. If you would like more information about the legitimate interests and bases for processing in particular processing operations, we invite you to contact us using the information in the Contact Us section.
Examples of Personal Data processed based upon your consent. If we are directing marketing communications to you, in your individual capacity, we do so with your consent unless an exception applies (such as to send you direct marketing about similar products or services to ones you have already purchased from us). If you wish to withdraw your consent, you may unsubscribe through the email or contact us using the information in the Contact Us section. Withdrawing your consent will not affect processing operations we have already completed based upon your consent.
Examples of Personal Data processed based upon legitimate interests. We may process your Personal Data for our legitimate interests or the legitimate interests of third parties, which include advertising or market and opinion research, as far as you have not objected to the use of your data; entering into a contract with a third party (which could include your employer) and performing our obligations under that contract; the examination and optimization of processes for needs analysis; the further development of services and products as well as existing systems and processes; the disclosure of Personal Data within the framework of due diligence in the course of company sale negotiations; the enrichment of our data, e.g., by using or researching publicly accessible data; statistical evaluations or market analysis; benchmarking; the assertion of legal claims and defense in legal disputes which are not directly attributable to the contractual relationship; the restricted processing of data, if a deletion is not possible or only possible with disproportionately high effort due to the special type of storage; the prevention and investigation of fraudulent or criminal offences, if not exclusively for the fulfilment of legal requirements; and complying with our legal obligations in countries outside of the European Economic Area or the United Kingdom. If you would like more information, or to object to a particular processing operation based upon legitimate interests, please contact us using the information in the Contact Us section.
Examples of Personal Data processed as required by our legal obligations. We may process your Personal Data if required by a legal obligation within the European Economic Area or United Kingdom, such as an obligation to maintain records or to respond to a data subject rights request.
Our use of automated decision-making. We may engage in automated decision-making or profiling in the course of our processing operations. We do not, however, engage in solely automated decision-making, including profiling, that in our view would produce legal effects or similarly significantly affect you.
b. Data Retention
We will retain Personal Data for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
c. Data Subject Rights
If the GDPR applies to your Personal Data, you may have the right to:
- access your Personal Data;
- rectify inaccurate Personal Data about you;
- erase your Personal Data;
- place restrictions on processing your Personal Data;
- object to processing your Personal Data;
- receive your Personal Data in a portable format; and
- withdraw your consent for processing.
These rights are not absolute and may be subject to limitations or restrictions. For more information, or to exercise your rights, please contact us using the information in the Contact Us section.
You also have the right to lodge a complaint with a supervisory authority. If you are in the European Economic Area or would like to contact a European supervisory authority, their contact information is here. If you are in the United Kingdom or would like to contact the UK Information Commissioner’s Office, you can do so here.
21. Additional Information For Individuals in Canada
The Personal Information Protection and Electronic Documents Act, and similar provincial acts, may apply to how and why we may collect, use, and disclose your Personal Data. These laws do not apply to your business contact information. If these laws apply to your Personal Data, we may process your Personal Data if you have given us specific permission (i.e., express consent) to do so for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time. There may be additional, specific situations where we may process your Personal Data for other reasons. Please contact us using the information in the Contact Us section for more information.
22. Additional Information For Individuals in India
If you are located in India, you may have additional rights under Indian law.
Basis for processing your Personal Data. We will process your Personal Data based upon your consent or for other certain legitimate uses, such as for the purpose for which you provided us with your Personal Data, to comply with our legal obligations, and for employment purposes.
If we are processing your Personal Data with your consent, you may be able to withdraw your consent. Withdrawing your consent will not affect processing operations we have already completed based upon your consent.
Indian law may also give you the right to:
- Access your Personal Data
- Obtain the names of any third parties to whom we have disclosed your Personal Data
- Correct, update, or erase your Personal Data
- Grievance redressal
For more information, or to exercise your rights, please contact us using the information in the Contact Us section.
23. Updates to this Privacy Statement
We may update this privacy statement from time to time. The “effective date” at the top of this privacy statement indicates when this privacy statement was last revised. Any changes are effective when we post the revised privacy statement on the Sites. We encourage you to routinely review this privacy statement to learn about updates to our privacy practices.
24. Contact Us
For more information or if you have questions or concerns about our privacy practices, please contact us by email at [email protected], by telephone at (800) 989-2989, or by mail at:
2 International Drive
Suite #260
Portsmouth, New Hampshire 03801
United States