Code42 Privacy Statement
Effective: August 31, 2020
Code42 Software, Inc. ("Code42") knows that you care about your personal data, and your privacy is important to us. This Privacy Statement describes the personal data we collect and how we use or share that data. It also explains your rights regarding our processing of your personal data.
This Privacy Statement applies to personal data collected by us through a Code42 website, in connection with our events, and sales and marketing activities, and from customers of our products and services where we act as a controller of the personal data. Please see our Applicant Privacy Statement for information on personal data we collect about job applicants. This Privacy Statement provides the following information:
- Personal data we collect
- How we use personal data
- When we share personal data
- How long we retain personal data
- When we transfer personal data internationally
- How we secure personal data
- Our Privacy Shield certification
- Your privacy rights
- Conditions of use, notices and revisions
- Links to other sites
- Personal data from children
- How to contact us
- Code42 affiliates
1. Personal data we collect
The following are types of personal data we collect. The specific information we collect will depend on how you interact with Code42.
Data you provide to us. We collect personal data directly from you when:
- You enter information on our website or send to us electronically (including information you choose to provide when completing any 'free text' boxes in our forms) to express interest in obtaining additional information about our products and services, sign up for a webinar, event or contest, download certain content or submit survey responses.
- You attend one of our events.
- You engage with sales representatives, including during phone calls.
- You contact customer support.
- You post on our message boards, chat features, blogs and other Code42 services to which you are able to post information and materials.
- You visit our offices and register as a visitor.
The personal data you provide directly to us may include your name, address, telephone number, email address, billing information, job title, department or job role, as well as the nature of your request or communication.
You can choose not to provide some information, but doing so may limit our ability to communicate with you or fulfill your requests.
Data we collect automatically. When you interact with our website or receive electronic communications from us, we automatically collect information, including:
- Information about your device and network. This includes information about the specific device you are using, such as the hardware model, operating system version, web browser and your Internet Protocol (IP) address/MAC address/device identifier.
- Information through cookies, clear GIFs, pixel tags and other similar technologies This includes statistics on your activities on the website, pages accessed and links clicked; information about how you came to and used the website; broad geographic location (e.g. country or city-level location) and other technical data collected through cookies, pixel tags and other similar technologies that uniquely identify your browser; and confirmation when you open an electronic communication.
Data we receive from other sources: We receive information from third parties, such as channel partners, social media platforms, joint marketing partners, referral or commercial lead sources and other data providers. In certain circumstances, we will send you an email letting you know that we have received your personal data, the source of the data, and a link to this Privacy Statement.
Personal data we receive from these sources includes name, email address, phone number, event attendance information, job role, public employment profile, and information about your product or service interests or preferences.
We may combine this information we receive from other sources with other personal data we hold about you and use it as described in this Privacy Statement.
2. How we use personal data
Code42 relies on a variety of information to operate our business. We collect and process your personal data for the following purposes. Where required by law, we obtain your consent to use and process your personal data for these purposes. Otherwise, we rely on another authorized legal basis to collect and process your personal data.
- Provide products and services to you and fulfill other requests you have, including support requests, as necessary to perform our contract with you. Where we have not entered into a contract with you, our processing of your personal data is based on our legitimate interest to provide you with the content you request;
- Evaluate the frequency, duration and patterns of usage of our website to improve the user experience. This use is necessary for our legitimate interest in understanding how users experience our website);
- Update and expand our records with new information, and analyze our records to identify potential customers by understanding your role in your organization (for EU data subjects, this use is based on your consent to receiving communication about our products and services that may be of interest to you); and
- Contact you with tailored advertising for products and services that may be of interest to you, including information about our products, promotions, and events as necessary for our legitimate interest or to the extent you have provided consent.
- Register you as a visitor to our offices and manage non-disclosures you may be required to sign to the extent such processing is necessary for our legitimate interest in protecting our offices and our confidential information against unauthorized access.
- Manage event registrations and attendance to plan and host events or webinars for which you have registered or that you attend, including sending related communications to you, to perform our contract with you;
- Manage contests or promotions you register for, which is necessary to perform our contract with you.
3. When we share personal data
We share your personal data as necessary to operate our business. We do not sell your personal data and do not share it except as described below.
- Code42 affiliates: Code42 may use affiliates that it controls (see “Code42 affiliates” below) to provide products, services or support to you. We transfer your personal data to those affiliates, and they will process your personal data as data controllers in accordance with this Privacy Statement.
- Business partners: Code42 shares your personal data with resale partners to fulfill product and information requests. We engage in joint sales or product promotions with select business partners and share your contact information with those partners if you consent to sharing when you express interest in the product or promotion.
- Service providers: Code42 uses other companies and individuals to provide services on its behalf, such as to assist with marketing, billing, customer support, payment processing and data analysis. These service providers have access to the personal data required to provide their services and are prohibited from using your personal data for any other purpose.
- Professional advisers: Code42 may share personal data with professional advisers acting as service providers, processors, or joint controllers - including lawyers, bankers, auditors, and insurers to the extent we are legally obliged to share or have a legitimate interest in sharing your personal data.
- Event partners: If you attend an event or webinar organized by us, Code42 may share your personal data with partners or sponsors of the event or webinar. If required by applicable law, you may consent to such sharing by opting-in via the registration form. In these circumstances, your information will be subject to the partner’s privacy statements. If you do not wish for your information to be shared you can opt-out in accordance with Section 8 below.
- Business transfers: In the event that Code42 or substantially all of its assets are acquired or Code42 is involved in a merger, dissolution, sale of all or a portion of its assets, or other fundamental corporate transaction, we reserve the right to sell or transfer your personal data as part of the transaction.
- Protection of Code42 and others: Code42 shares personal data when required by law or to respond to legal process, to protect customers or others, to maintain the security of our products, and to protect the rights or property of Code42.
- Community website and blog users: Any information that you post on our community pages or blog is publicly available and will be accessed through search engines or other publicly available platforms. It may be "crawled" or searched by third parties.
- With your consent: Except as described above, we will provide you with notice when your personal data will be shared with third parties, and you can choose not to share that information.
4. How long we retain personal data
Code42 will retain your personal data for as long as needed to fulfill the purpose for which it is collected, and as required or permitted by law (such as tax, legal, accounting or other purposes). See Section 8 for information on your rights for storage of your personal data. We will consider your request in accordance with applicable laws.
5. When we transfer personal data internationally
Code42 is headquartered in the United States with entities, operations and service providers in the United States and throughout the world. Your personal data may be transferred outside your jurisdiction, including to countries that are not subject to an adequacy decision by the European Commission and that may not provide for the same level of data protection as your jurisdiction (such as the EEA). We ensure that the recipient of your personal data offers an adequate level of protection and security by entering into agreements with written assurances from services providers, including standard contractual clauses for the transfer of data as approved by the European Commission where appropriate, and in reliance on the Swiss-US Privacy Shield Framework.
6. How we secure personal data
Code42 uses administrative, organizational, technical and physical safeguards to protect your personal data. We use physical access controls, encryption, Internet firewalls, intrusion detection and network monitoring depending on the type of data. We also require our service providers to use appropriate security measures. If you have questions about the security of our website, products, or services, please contact us at email@example.com.
7. Our Privacy Shield certification
Code42 has certified its compliance with, the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries, the United Kingdom and Switzerland to the Framework's applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce's Privacy Shield site at https://www.privacyshield.gov.
Code42 is responsible for the processing of the personal data it receives under each Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. Code42 complies with the Privacy Shield Principles for all onward transfers of personal data from Switzerland, including the onward transfer liability provisions to the United States.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Code42 is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we are required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, Code42 commits to resolve complaints about our collection or use of your personal data. EU, UK and Swiss individuals with inquiries or complaints regarding our Privacy Statement should first contact Code42 at firstname.lastname@example.org.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration by going to https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint when other dispute resolution procedures have been exhausted.
8. Your privacy rights
Updating your information: If you would like to update the personal data you have provided to us, please contact us at email@example.com.
Marketing communications: You can opt-out of receiving marketing communications from us by clicking "unsubscribe" in any marketing email communications we send you, or by unsubscribing at on.code42.com/go/email-unsubscribe-page.
Additional rights for the EEA and certain other territories: If you are located in certain territories (such as the European Economic Area and United Kingdom), you have the right, under certain circumstances, to exercise the following privacy rights available to you under applicable data protection laws:
Right not to provide consent or to withdraw consent: We rely on your consent to process certain personal data. Where we do so, you have the right not to provide your consent or to withdraw your consent at any time. You can revoke consent to receiving marketing communications from us by clicking "unsubscribe" in any marketing email communication we send you, or by unsubscribing at https://www.code42.com/preference/.
- You can revoke consent generally by sending an email to firstname.lastname@example.org.
- Right of access: You have the right to access the personal data that we hold about you.
- Right of erasure: In certain circumstances, you have the right to request the deletion of your personal data.
- Right to object to processing: You have the right to request that Code42 stop processing your personal data and we will do so if we are processing your personal data for marketing, or if we are relying on our legitimate interest to process your personal data – unless we demonstrate compelling legitimate grounds to continue the processing.
- Right to data portability: You have the right to obtain the personal data that you consented to give us or that was provided to us to perform our contract with you. We will provide your personal data in a structured, commonly used and machine-readable format, and you may reuse it elsewhere.
- Right to rectification: You have the right to require us to correct any inaccurate or incomplete personal data.
- Right to restrict processing: You have the right to request that we restrict processing of your personal data in certain circumstances, to the extent permitted by applicable data laws.
- Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your personal data, you can report it to the data protection authority that is authorized to hear those concerns.
To exercise your rights, please contact email@example.com. Code42 will consider your request in accordance with applicable and will respond within a reasonable timeframe. To protect your privacy and security, we will take appropriate steps to verify your identity before complying with the request.
California Privacy Right:
The California Consumer Protection Act (CCPA) provides California consumers with specific rights regarding the processing of their personal information. You have the ability to request that Code42:
- provide details about the categories of personal information that we collect about you, including how we use and share it;
- provide you access to the personal information we collect about you; and
- delete the personal information we have about you.
To exercise your rights, please contact firstname.lastname@example.org. Code42 will consider your request in accordance with applicable law and respond within a reasonable timeframe. To protect your privacy and security, we will take appropriate steps to verify your identity before complying with the request.
9. Conditions of use, notices and revisions
10. Links to other sites
Our website provides links to other websites through direct links or through applications such as "Share" or "Like" buttons. Other websites may contain links to the Code42 website or services. We do not control those sites or their privacy practices, which differ from those described in our Privacy Statement. The personal data you choose to give to unrelated parties is not covered by this Privacy Statement, and we encourage you to review their privacy policies.
11. Personal data from children
Our website, products and services are not directed to individuals under the age of 16. We do not knowingly collect personal data from those individuals. If you become aware that a child has provided us with personal data, please contact us in accordance with Section 12 below. If we become aware that a child under the age of 16 has provided us with personal data, we will take steps to delete the information.
12. How to contact us
If you have any questions about this Privacy Statement, you can write to us or any of our affiliates at email@example.com or by mail at: firstname.lastname@example.org or by mail at:
Code42 Software, Inc.
100 Washington Ave. S, 20th Floor
Minneapolis, MN 55401
Attn: General Counsel
Our EU Data Representative is Code 42 Software UK LTD. You can contact our EU Data Representative at email@example.com or by mail at:
Code42 Software UK LTD
Third Floor – The Pearce Building
West Street, Maidenhead SL6 1RL
Attention: General Counsel
13. Code42 affiliates
Code42 Software UK LTD
Third Floor – The Pearce Building
West Street, Maidenhead SL6 1RL
Code42 Software GmbH