COLLECTION OF YOUR PERSONAL DATA: You may provide Acorio with Personal Data that may include, but not be limited to, your e-mail address, name, date of birth, home or work address and/or telephone number. We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Policy unless otherwise required or permitted by law. As is true of most applications and websites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. To collect this information, when you use our products /services or visit our website, a “cookie” may be set on your device or computer. Cookies contain a small amount of information that allows our web servers to recognize you whenever you visit. We store information that we collect through cookies, log files and/or clear gifs to create a “profile” of your preferences. We do not tie your Personal Data to information in the profile. We use this information that we collect, which does not identify individual users, to analyze trends, to administer our products/services and/or our website and to gather demographic information about our user base as a whole. We do not provide this information to outside parties other than set forth in this Policy. No Personal Data is stored in cookies and we do not link collected data to Personal Data.
USE: Our products/services use your Personal Data to improve our services to you by improving our products/services’ performance. Except as set forth in this Policy, we will not use, disclose, or transfer your Personal Data or the Personal Data of others you have provided us unless (1) you expressly authorize us to do so; (2) it is necessary to allow our service providers or Agents to provide services for us, (3) it is necessary in order to provide our products/services to you (and contacting you when necessary), (4) we are sending you other information that may be useful to you, (5) subject to applicable contractual or legal restrictions, it is disclosed to entities that perform marketing services on our behalf or to other entities with whom we have joint marketing agreements, (6) it is necessary to protect the confidentiality or security of your records, (7) subject to applicable contractual or legal restrictions, it is necessary in connection with a sale of all or substantially all of the assets of Acorio or the merger of Acorio into another entity or any consolidation, share exchange, combination, reorganization, or like transaction in which Acorio is not the survivor, (8) it is necessary in connection with other business purposes including, without limitation, customer care, service quality, business management and operation, risk assessment, security, fraud and crime prevention/detection, monitoring, research and analysis, marketing, customer purchasing preferences and trends and dispute resolution, (9) it is necessary to comply with law enforcement, governmental mandate, or other legal requirement, if appropriate, for your protection or in connection with an investigation or prosecution of possible unlawful activity; (10) it is necessary for us to provide it to our attorneys, accountants, regulators, auditors or other advisors; or (11) it is otherwise necessary for us to disclose it as required or permitted by law.
When you choose to provide us with Personal Data about third-parties, we will only use this data for the specific reason for which you elect to provide it. It is your responsibility to ensure that when you disclose to Acorio Personal Data of individuals other than yourself – such as your contacts, your users or other third-parties – you abide by applicable privacy and data security laws, including informing users and third-parties that you are providing their Personal Data to Acorio, informing them of how it will be transferred, used, or processed, securing appropriate legal permissions and safeguards required for such disclosures, transfers and processing. If you choose to provide Acorio with a third-party’s Personal Data (such as name, email, and phone number), you represent that you have the third-party’s permission to do so. You also acknowledge that when we interact with such third-party individuals whose Personal Data you share with us, it is our duty to inform them that we obtained their Personal Data from you.
PROCESSING OF YOUR PERSONAL DATA: We use your Personal Data for the purposes outlined below:
On the basis of fulfilling our contract with you or entering into a contract with you on your request, in order to:
- Create and manage your account, when needed to access communications and services;
- Verify your identity and entitlement to products/services, when you contact us or access our services;
- Process your purchase transactions;
- Update you on the status of your orders;
- Provide you with technical and customer support.
On the basis of your consent, in order to:
- Subscribe you to a newsletter, send product updates or technical alerts;
- Send you marketing communications and information on new products, services and assets;
- Communicate with you about, and manage your participation in contests, offers or promotions;
- Solicit your opinion or feedback, provide opportunities for you to test software;
- Provide you with interest-based ads on sites other than our own.
On the basis of legal obligations, we are obligated to, for instance, keep records for tax purposes or answer compelling orders and provide information to public authorities.
On the basis of our legitimate interest in the effective delivery of our products/services and communications to you as well as to our other customers and partners, in order to:
- Communicate commercial promotions and provide quotes for our products/services;
- Research and implement product/services improvements and product/services updates;
- Evaluate and improve the performance and quality of our products/services and websites;
- Provide you with a customized experience when you visit our websites;
- Allow interoperability within our applications;
- Secure our systems and applications;
- Allow for the provisioning of services;
- Enforce our legal rights; and
- Share your data with partners for sales conversions and lead generation.
We will only process Sensitive Personal Information relating to you for specific purposes outlined above or in relevant product/services notices, because either: 1) You have given us your explicit consent to process such data; or 2) The processing is necessary to carry out our obligations under employment, social security or social protection law; 3) The processing is necessary for the establishment, exercise or defense of legal claims; or 4) You have made such data public.
On the basis of our legitimate interest, we and our third-party partners, may combine the data we collect from you over time from our websites, products/services with data obtained from other sources. We combine your data with other sources to improve user experience on our websites and services we provide.
On the basis of legitimate interest, we process Personal Data for network and information security purposes. Pursuant to Recital (49) of the EU General Data Protection Regulation (“GDPR”), organizations have a recognized legitimate interest in collecting and processing Personal Data to the extent strictly necessary and proportionate for the purposes of ensuring network and information security. According to said Recital (49), network and information security means the ability of a network or of an information system to resist events, attacks or unlawful or malicious actions that could compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data, or the security of the related services offered by, or accessible via those networks and systems. Both as an organization in our own right, and as a provider of services which may include hosted and managed computer emergency and security incident response services, it is in our legitimate interests as well as in our customers’, as laid down in Article 6(1)(f) of the GDPR, to collect and process Personal Data to the extent strictly necessary and proportionate for the purposes of ensuring the security of our own, and of our customers’ networks and information systems. This includes the development of threat intelligence resources aimed at maintaining and improving on an ongoing basis the ability of networks and systems to resist unlawful or malicious actions and other harmful events (“cyber-threats”). The Personal Data we process for said purposes includes, without limitation, network traffic data related to cyber-threats such as:
- sender email addresses (e.g., of sources of SPAM);
- recipient email addresses (e.g., of victims of targeted email cyberattacks);
- reply-to email addresses (e.g., as configured by cybercriminals sending malicious email);
- filenames and execution paths (e.g., of malicious or otherwise harmful executable files attached to emails);
- URLs and associated page titles (e.g., of web pages broadcasting or hosting malicious or otherwise harmful contents); and/or
- IP addresses (e.g., of web servers and connected devices involved in the generation, distribution, conveyance, hosting, caching or other storage of cyber-threats such as malicious or otherwise harmful contents).
Depending on the context in which such data is collected, it may contain Personal Data concerning you or any other data subjects. However, in such cases, we will process the data concerned only to the extent strictly necessary and proportionate to the purposes of detecting, blocking, reporting (by removing any personally identifiable elements) and mitigating the cyber-threats of concern to you, and to all organizations relying on our products/services to secure their networks and systems. When processing Personal Data in this context, we will not seek to identify a data subject unless strictly indispensable to the remediation of the cyber-threats concerned, or required by law.
If you believe that your Personal Data was unduly collected or is unduly processed by Acorio for such purposes, please refer to the “Your Privacy Rights” and “Contact Us” sections below. Please be aware that if it is determined that Personal Data concerning you is processed by Acorio because it is necessary for the detection, blocking or mitigation of convicted cyber-threats, in line with GDPR Article 21(1), objection, rectification or erasure requests may be rejected. It is our compelling legitimate interests to protect our organization and our customers from cyber threats, and therefore our interest may override your objection, rectification or erasure requests until you demonstrate the measures necessary to dissociate your Personal Data from any identified cyber-threat.
MARKETING AND COMMUNITY NETWORKING: Acorio has a legitimate interest in promoting our commercial offerings and to optimize the delivery of communications to that effect to our customers and audiences that are most likely to find them relevant. We will therefore collect and process data to that end as explained below. However, where we are legally required to obtain your consent to provide you with certain marketing materials, and we will only provide you with such marketing materials where we have obtained such consent from you. If you do not want to continue receiving any marketing materials from us, you can click on the unsubscribe function in the communication or e-mail, or click on the following link: Preference Center.
Messages: In addition to the purposes described above, we may, in compliance with applicable legal requirements, use your Personal Data to provide you with advertisements, promotions and information about products/services tailored to you and your needs. This may include demographic data or trend data provided by third-parties, where permitted. Contact details, including phone numbers, mail and email addresses, may be used to contact you. If you do not want us to use your Personal Data in this way, you can simply choose not to consent to such use of your data on the webpages and/or forms through which such Personal Data is collected. You can also exercise this right at any time by contacting us as explained below.
Data from Third-Parties: Third-parties may provide us with Personal Data they have collected about you from you or from further online and offline sources, such as marketing data from our partners and third-parties that is combined with information we already have about you, to provide you with more relevant communications and better tailored offers. We make reasonable efforts to verify that the third-parties we engage for such purposes are reputable and law-abiding and we will not solicit them to disclose to us Personal Data we do not have a lawful purpose to collect and process. However, we are not liable for any processing of your Personal Data by such third-parties prior to, during or after them providing it to us. We may combine such Personal Data with the Personal Data we already have about you to provide you with a better experience, evaluate your interest in our products/services or improve the quality of our offerings.
HOW WE DISCLOSE YOUR PERSONAL DATA: We do not sell, lease, rent or give away your Personal Data. We only disclose your Personal Data as described below, within Acorio, with our partners, with service providers that process data on our behalf and with public authorities, as required by applicable law. Processing is only undertaken for the purposes described in this Policy and the relevant product/services privacy notices. If we disclose your Personal Data, we require its recipients to comply with adequate privacy and confidentiality requirements, and security standards.
Partners: We may provide your Personal Data to our partners for the purpose of allowing them to conduct Acorio business. Our partners go through our third-party risk management and assessment process and only after that are they authorized to promote and sell our products/services. Our partners may use your Personal Data to communicate with you and others about Acorio products/services. If you do not wish to receive promotional emails from our partners, you can unsubscribe directly using the unsubscribe link or tool provided in the partner’s email or other communication to you. Acorio’s web-site may contain links to third-party websites, products, and services. Information collected by third parties, which may include such things as contact details, is governed by such third-party privacy practices. We encourage you to learn about the privacy practices of those third parties.
Service Providers Processing Data on Our Behalf: We may use contractors and service providers to process your Personal Data on our behalf for the purposes described in this Policy and the relevant product/services privacy notices. We contractually require service providers to keep data secure and confidential and we do not allow our data processors to disclose your Personal Data to others without our authorization, or to use it for their own purposes. However, if you have an independent relationship with these service providers their privacy statements will apply to such relationships. Such service providers may include in particular contact centers, payment card processors and marketing/survey/analytics suppliers.
Public Authorities: In certain instances, it may be necessary for Acorio to disclose your Personal Data to public authorities or as otherwise required by applicable law. No Personal Data will be disclosed to any public authority except in response to:
- A subpoena, warrant or other process issued by a court or other public authority of competent jurisdiction;
- A legal process having the same consequence as a court-issued request for data, in that if Acorio were to refuse to provide such data, it would be in breach of local law, and it or its officers, executives or employees would be subject to liability for failing to honor such legal process;
- Where such disclosure is necessary for Acorio to enforce its legal rights pursuant to applicable law;
- A request for data with the purpose of identifying and/or preventing credit card fraud; or
- Where such disclosure of Personal Data is necessary to prevent or lessen a serious and imminent threat of bodily or other significant harm to the data subject or other individuals potentially concerned.
SECURITY OF YOUR PERSONAL DATA: To make sure your Personal Data is secure, we communicate our privacy and security guidelines to Acorio employees and strictly enforce privacy safeguards within Acorio. Acorio secures your Personal Data, and the Personal Data of others on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. Acorio protects your information using technical, physical, and administrative security measures to reduce the risk of loss, misuse, unauthorized access, disclosure or modification of your information. Some of our safeguards include firewalls, data encryption, physical access controls, and administrative informational controls. While we have employed security technologies and procedures to assist safeguarding the information we collect from or about our users and their devices, no system or network can be guaranteed to be completely secure. However, no data transmission over the Internet can be guaranteed as 100% secure. As a result, while we strive to protect your information, we cannot ensure or warrant the security of any information you transmit to us or receive from us. Some measures that we employ to protect your Personal Data include:
Physical Safeguards: We lock doors and file cabinets, control access to our facilities, implement a clean desk policy, and apply secure destruction to media containing your Personal Data.
Technology Safeguards: We use network and information security technologies such as anti-virus and endpoint protection software, encryption, intrusion detection and data loss prevention, and we monitor our systems and data centers to ensure that they comply with our security policies.
Storage of Your Personal Data: The data we collect from you may be stored, with risk-appropriate technical and organizational security measures applied to it, on in-house as well as third-party servers in the United States.
MANAGING YOUR PERSONAL DATA:
How long we retain or store your Personal Data: We will hold your Personal Data on our systems for the longest of the following periods: 1) As long as necessary to maintain our ongoing business relationship, or as needed to provide you with the products/services or information which you are entitled to or can otherwise reasonably expect to receive from us; 2) For as long as necessary for the purpose for which we collected it or for which you supplied it to us in accordance with any product/services relevant activity or process; 3) Any retention period that is necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements; or 4) The end of the period in which litigation or investigations might arise in respect of our business relations or other interactions with you.
For the sake of clarity in the event that Acorio is a data controller processing your Personal Data for our own purposes, your Personal Data will be deleted or de-identified when it is no longer needed for its originally stated processing purposes, or any additional compatible purpose for which Acorio may lawfully further process such data. Moreover, where Acorio is a data processor processing your Personal Data for the purposes and on the instructions of another data controller or data processor, we will comply with the time limits agreed with that other Controller or Processor unless we are compelled by applicable laws and regulations to delete such data sooner, or to retain it further.
Access to Personal Data: You can help ensure that your contact information and preferences are accurate, complete, and up to date by logging in to your account, and advising us of changes. For other Personal Data we hold, we will provide you with access for any purpose including to request that we correct the data if it is inaccurate or delete the data if Acorio is not required to retain it by law or for legitimate business purposes. We may decline to process requests that are frivolous/vexatious, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by local law. Access, correction, or deletion requests can be made per the Privacy Questions section below.
YOUR PRIVACY RIGHTS: Subject to applicable laws, as an individual data subject, you may have the right:
- a) to ask us to provide you with information regarding the Personal Data we process concerning you;
- b) to rectify, update or complement inaccurate or incomplete Personal Data concerning you;
- c) to delete or request the erasure of Personal Data concerning you;
- d) in certain circumstances to obtain of us that we restrict the way in which we process Personal Data concerning you;
- e) to withdraw any consent you may have given for us to process Personal Data concerning you;
- f) to object to our processing of Personal Data concerning you on the basis of our, or of third- parties’ legitimate interests;
- g) to obtain of us the portability of Personal Data concerning you which we process using automated means on the basis of your consent or of a contract you have entered into with us; and
- h) to the extent applicable, in the European Economic Area, to lodge a privacy complaint with a supervisory authority if you are unhappy with the way we have handled your Personal Data or any privacy query or request that you have raised with us.
Where your exercise of any of the rights above is dependent on Acorio’s action, we will abide by our legal obligation to take reasonable measures to ascertain your identity and the legitimacy of your request, and may ask you to disclose to us any information necessary for that purpose. We will respond to legitimate request within 1 (one) calendar month or 31 (thirty-one) calendar days (whichever is longer). In certain limited circumstances, we may need to extend our response period as permitted by applicable law. Pursuant to any such requests, we may retain certain data necessary to prevent fraud or future abuse or as otherwise required or permitted by law, including to comply with legal obligations we are subject to, as well as to establish, exercise and defend our legal claims.
NO INFORMATION COLLECTED FROM CHILDREN: We understand the importance of taking extra precautions to protect the privacy and safety of children. Accordingly, we do not knowingly collect, use or disclose Personal Data from children under 13, or equivalent minimum age in the relevant jurisdiction, without verifiable parental consent. If we learn that we have collected the Personal Data of a child under 13, or equivalent minimum age depending on jurisdiction, without first receiving verifiable parental consent we will take steps to delete the information as soon as possible.
NOTICE: Notice will be provided in clear and conspicuous language if and when individuals are asked to provide Personal Data to Acorio, or as soon as practicable thereafter, and in any event, before Acorio uses or discloses the information for a purpose other than that for which it was originally collected.
CHOICE: Acorio will offer individuals the opportunity to choose (opt-out) whether their Personal Data is (a) to be disclosed to a non-Agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Personal Information, Acorio will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of the information to a non-Agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Acorio will provide individuals with reasonable mechanisms to exercise their choices.
ACCESS AND CORRECTION: Upon request, Acorio will grant individuals reasonable access to Personal Data that it holds about them. In addition, Acorio will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.