Code42 Privacy Statement

Effective: May 18, 2018

Code42 Software, Inc. knows that you care about your personal data, and your privacy is important to us. This Privacy Statement explains what personal data we collect, how we use that data and your privacy rights.

This Privacy Statement applies to personal data that we collect through a Code42 website and in connection with our events, and sales and marketing activities. Please see our Applicant Privacy Statement for information about personal data that we collect in connection with employee recruiting. This Privacy Statement provides the following information:

Personal data that we collect
How we use personal data
When we share personal data
How long we retain personal data
When we transfer personal data internationally
How we secure personal data
Our Privacy Shield certification
Your privacy rights
Conditions of Use, Notices and Revisions
Links to other sites
Personal data from children
How to contact us
Code42 affiliates
Examples of personal data

Personal data that we collect
The following are examples of the types of personal data that we collect. The specific information will depend on how you interact with Code42:

  • Data you provide to us:  We collect information that you enter on our website or send to us electronically.  We also collect data from you offline, such as when you attend one of our events, during phone calls with sales representatives, or when you contact customer support.  See some examples below of personal data that we collect. You can choose not to provide some information, but that will limit our ability to communicate with you or fulfill your requests.
  •  Data we collect automatically:  We collect information about your device and network automatically when you interact with our website.  We also receive information through cookies, clear GIFs, pixel tags and other similar technologies.  This data often does not reveal your identity directly, but in some countries (including the European Economic Area) it is considered personal data. See some examples below of the data we collect automatically.  For additional information about our use of cookies and similar technologies, please our Cookie Notice.
  • Data we receive from other sources: We receive information from third parties, such as channel partners, social media platforms, joint marketing partners, and other data providers.  We also receive personal data from a referral or a commercial lead source, in which case we will send you an email letting you know that we have received your personal data, the type of data received and the source, along with a link to this Privacy Statement. We combine this data with other data about you that we hold.  See some examples below of the data we receive from other sources.

How we use personal data
Code42 relies on a variety of information to operate our business. In some instances, this information is (or could be) identified with you, and that information is referred to as personal data in this Privacy Statement. We use personal data to:

  • provide products and services to you and fulfil other requests you have (for EU data subjects, this use is necessary to perform our contract with you or to fulfil your request);
  • evaluate the frequency, duration and patterns of usage of our website to improve the user experience (for EU data subjects, this use is necessary for our legitimate interest in understanding how users experience our website);
  • update and expand our records with new information, and analyze our records to identify potential customers by understanding your role in your organization (for EU data subjects, this use is based on your consent to receiving communication about our products and services that may be of interest to you); and
  • contact you with tailored advertising for products and services that may be of interest to you based on products and services that have been of interest to customers with similar characteristics.  Where required by applicable law (for example, if you are a EU data subject), we will only send you marketing information by email if you consent to us doing so at the time you provide us with your personal data (in which case your consent is our legal basis for processing your personal data for that purpose).
When we share personal data
We share your personal data as necessary to operate our business. We do not sell your information to others or share it except as described below.
  • Code42 affiliates:  Code42 may use affiliates that it controls to provide products, services or support to you, and we transfer your personal data to those affiliates.  Those affiliates will process your personal data as data controllers in accordance with this Privacy Statement.  See “Code42 Affiliates” for more information about Code42’s affiliates.
  • Business partners:  Code42 shares your personal data with resale partners to fulfill product and information requests.  We engage in joint sales or product promotions with select business partners and share your contact data with those partners if you consent to sharing when you express interest in the product or promotion.
  • Service providers:  Code42 uses other companies and individuals to provide services on its behalf.  For example, we use vendors to assist with marketing, billing, payment processing and data analysis.  Those service providers have access to the personal data required to provide their services and are prohibited from using the personal data for any other purpose.
  • Business transfers:  In the event that Code42 or substantially all of its assets are acquired, the personal data held by Code42 will be one of the transferred assets.
  • Protection of Code42 and others:  Code42 shares personal data when required by law or to respond to legal process, to protect customers or others, to maintain the security of our products, and to protect the rights or property of Code42.
  • Community website and blog users: Any information that you post on our community pages or blog is publicly available and will be accessed through search engines or other publicly available platforms.  It may be “crawled” or searched by third parties.
  • With your consent:  Except as described above, we will provide you with notice when your personal data will be shared with third parties, and you can choose not to share that information.

How long we retain personal data
Code42 will retain personal data while we have a justifiable business need to do so, unless a longer retention period is required or permitted by law (such as tax, legal, accounting or other purposes). For example, for personal data processed to provide you tailored advertising, we retain your data until it is unlikely that you will purchase our products or services, based on purchasing patterns of other customers. You can request deletion of your personal data at any time (see “Your Privacy Rights” for further information) and we will consider your request in accordance with applicable laws.

When we have no justifiable business need to process your personal data, we will either delete or anonymize it. If this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

When we transfer personal data to other countries
Code42 is headquartered in the United States, and we have entities, operations and service providers in the United States and throughout the world. We and our service providers transfer your personal data to, or access it from, counties other than the one in which you are located. These countries may have data protection laws less stringent than, or different from, the laws in effect in the country in which you are located. We will take steps to ensure that your personal data receives an adequate level of protection where it is processed. For additional information, see “How does our Privacy Shield certification apply?”

How we secure personal data
Code42 uses administrative, organizational, technical and physical safeguards to protect your personal data. For example, we use physical access controls, encryption, Internet firewalls, intrusion detection and network monitoring depending on the type of data. We require our service providers to use appropriate security measures.

How our Privacy Shield certification applies
Code42 participates in, and has certified its compliance with, the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List.

Code42 is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Code42 complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Code42 is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the Privacy Shield Principles, Code42 commits to resolve complaints about our processing of your personal data. Individuals with inquiries or complaints regarding our Privacy Statement should first contact Code42 at privacy@code42.com.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge).

Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Your privacy rights
  • Updating Your Information: If you would like to update personal data that you have provided to us, please contact us at privacy@code42.com.
  • Marketing Communications: You can opt-out of receiving marketing communications from us by clicking “unsubscribe” in any marketing email communications we send you, or by unsubscribing at on.code42.com/go/email-unsubscribe-page.
  • Additional Rights for the EEA and Certain Other Territories: If you are located in in certain territories (such as the European Economic Area), you have the right to exercise other privacy rights available to you under applicable laws.These additional rights are described below:Right not to provide consent or to withdraw consent: We rely on your consent to process certain personal data. Where we do so, you have the right not to provide your consent or to withdraw your consent at any time. You can revoke consent to receiving marketing communications from us by clicking “unsubscribe” in any marketing email communications we send you, or by unsubscribing at on.code42.com/go/email-unsubscribe-page.  You can revoke consent generally by sending an email to privacy@code42.com.

    Right of access: You have the right to access the personal data that we hold about you.

    Right of erasure: In certain circumstances, you have the right to the erasure of personal data (for example if it is no longer necessary for the purposes for which it was originally collected, or if you withdraw your consent).

    Right to object to processing: You have the right to request that Code42 stop processing your personal data and we will do so if we are processing your personal data for marketing, or if we are relying on our legitimate interest to process your personal data – unless we demonstrate compelling legitimate grounds to continue the processing.

    Right to data portability: You have the right to obtain the personal data that you consented to give us or that was provided to us to perform our contract with you.  We will give you your personal data in a structured, commonly used and machine-readable format.  You may reuse it elsewhere.

    Right to rectification: You have the right to require us to correct any inaccurate or incomplete personal data.

    Right to restrict processing: You have the right to request that we restrict processing of your personal data in certain circumstances (for example, where you believe that the personal data we hold about you is not accurate or lawfully held).

    Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your personal data, you can report it to the data protection authority that is authorized to hear those concerns.

 

If you would like to exercise any of the above rights, please contact privacy@code42.com so that we can consider your request under applicable law. To protect your privacy and security, we will take appropriate steps to verify your identity before complying with the request.

Conditions of Use, Notices and Revisions
If you choose to visit a Code42 website, your visit and any dispute over privacy is subject to this Privacy Statement and our website terms of use. If you have any concern about privacy at Code42, please contact us with a thorough description, and we will try to resolve it. Our business changes constantly, and our Privacy Statement will change also. We may email periodic reminders of our notices and conditions, but you should check our website frequently to see recent changes. If required by applicable law, we will notify you of any material changes to this Privacy Statement. Unless stated otherwise, our current Privacy Statement applies to all information that we have about you. But we will never materially change our policies and practices to make them less protective of personal data collected in the past without the consent of affected individuals.

Links to other sites
Our website provides links to other websites through direct links or through applications such as “Share” or “Like” buttons. Other websites may contain links to the Code42 website or services. We do not control those sites or their privacy practices, which differ from those described in our Privacy Statement. The personal data you choose to give to unrelated parties is not covered by this Privacy Statement.

Personal data from children
Our website, products and services are not directed to individuals under the age of 14. We do not knowingly collect personal data from those individuals. If you become aware that a child has provided us with personal data, please contact us at privacy@code42.com. If we become aware that a child under the age of 14 has provided us with personal data, we will take steps to delete the information.

How you can contact us
If you have any questions about this Privacy Statement, you can write to us or any of our affiliates at privacy@code42.com or by mail at:

Code42 Software, Inc.
100 Washington Ave. S, 20th Floor
Minneapolis, MN 55401
United States
Attn: General Counsel

Our EU Data Representative is Code 42 Software UK LTD. You can contact our EU Data Representative at privacy@code42.com or by mail at:

Code 42 Software UK LTD
Third Floor – The Pearce Building
West Street, Maidenhead SL6 1RL
United Kingdom
Attention: General Counsel

Code42 affiliates

Code 42 Software UK LTD
Third Floor – The Pearce Building
West Street, Maidenhead SL6 1RL
United Kingdom

Code42 Software GmbH
Luise-Ullrich-Straße 20
80636 München
Deutschland

Examples of personal data
  • Data you provide: The personal data you provide directly to us may include contact information such as your name, address, telephone number or email address. It may also include professional information, such as your job title, department or job role, as well as the nature of your request or communication. We also collect information you choose to provide to us when completing any ‘free text’ boxes in our forms (for example, for event sign-up, support request or survey submission). In addition, we collect personal data disclosed by you on our message boards, chat features, blogs and our other services to which you are able to post information and materials.
  • Data we collect automatically:  We automatically collect certain information when you use or access our website or receive electronic communications. This includes information about the specific device you are using, such as the hardware model, operating system version, web browser software (such as Firefox, Safari, or Internet Explorer) and your Internet Protocol (IP) address/MAC address/device identifier.  We also automatically collect certain information such as: statistics on your activities on the website; information about how you came to and used the website; broad geographic location (e.g. country or city-level location) and other technical data collected through cookies, pixel tags and other similar technologies that uniquely identify your browser; and confirmation when you open an electronic communication. We also collect information about how your device has interacted with our website, including pages accessed and links clicked.
  • Data we receive from other sources:  Examples of the information we receive from other sources include: contact information, event attendance information, job role and public employment profile, information about your product or service interests or preferences.

TRUSTe