Privacy Policy

Privacy Policy

Compliance Core

Compliance Core Privacy Notice Your privacy is important to us. This Privacy Notice explains how Compliance Core collects, uses, and discloses personal data that we handle on our own behalf collected via https://www.compliancecore.com (the “Website”). This Privacy Policy does not apply to other online services and applications operated by Compliance Core, and any information that we handle as a processor or service provider to our customers. We have also provided below certain privacy notices applicable to Compliance Core employees who are California residents for purposes of the California Consumer Privacy Act of 2018 (“CCPA”). PERSONAL DATA THAT COMPLIANCE CORE COLLECTS AND PURPOSE OF USE The following table describes what data is being collected through the Website, in what manner, and for what purposes it may be processed:


How data is collected What data is collected For what purposes this data is processed Category of data collected for CCPA purposes (relevant for California residents only)
In the course of downloading white papers or other information collateral from the Website.
Full name, contact information (email and phone number), job title, company name
To contact you occasionally regarding Compliance Core’s services and products, subject to applicable laws (for example, where required, subject to your consent). Even if you authorize Compliance Core to contact you, your authorization may be revoked/withdrawn by you at any time and you may opt out of Compliance Core’s mailing lists by following the unsubscribe instructions in each of the emails you receive or by contacting us as described below.
· Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name or other similar identifiers (collectively “Identifiers”).
· Professional or employment-related information.
While completing contact forms or interacting with the chatbot on the Website.
Full name, contact information (email and phone number), job title, company name; any free text that you choose to provide – please avoid using free text to provide personal information about you or others; transcripts of conversations which take place using the chatbot.
To contact you if you or someone in your organization requests a product demonstration or product information, or otherwise to respond to your request, as applicable. To contact you occasionally regarding Compliance Core’s services and products, subject to applicable laws (for example, where required, subject to your consent). Even if you authorize Compliance Core to contact you, your authorization may be revoked/withdrawn by you at any time and you may opt out of Compliance Core’s mailing lists by following the unsubscribe instructions in each of the emails you receive or by contacting us as described below. To respond to inquiries and assist you when interacting with the chatbot.
· Identifiers.
· Professional or employment-related information.
When registering for a webinar or other event on the Website; or other ad hoc forms that we may add to the website on occasion.
Full name, contact information (email and phone number), job title, company name, country, professional interest and preferences that may relate to the event or occasion for which the form is available.
To process your registration and participation in the webinar or other event to which you have registered. To contact you occasionally regarding Compliance Core’s services and products, subject to applicable laws (for example, where required, subject to your consent). Even if you authorize Compliance Core to contact you, your authorization may be revoked/withdrawn by you at any time and you may opt out of Compliance Core’s mailing lists by following the unsubscribe instructions in each of the emails you receive or by contacting us as described below.
· Identifiers.
· Professional or employment-related information.
When applying for a position with Compliance core through the Website.
Processing of personal data of Compliance Core applicants is subject to, and governed by, Compliance Core’s Applicants Privacy.
Data that you provide passively (by using the Website, by navigating the screens, clicking on buttons, etc.)
Information that you have read, the web pages you visited, offers and services that were of interest to you, the location of the computer and the Internet Protocol (IP) address through which you had access to the Website, clicks that the users clicked while on the website (e.g., downloads, view of a video, shares to social media, scroll depth, links clicked).
Improve, modify and update Compliance Core services and content offered on the Website. To monitor and ensure the orderly and proper operation and development of the Website and associated services. To analyze and provide statistical information to third parties. To improve and customize your experience and the content that is presented to you on the Website.
· Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement.
When purchasing services via the Website.
Full name, address, email, password, answers to security questions, company name, credit card information.
To process payment for the applicable services, to establish an account for return customers and to provide customer service activities.
· Identifiers.
· Categories of personal information described in Section 1798.80 of the CA Civil Code
· Commercial information
· Internet or other electronic network activity information
· Professional or employment-related information.


In addition, Compliance Core may process personal data collected via the Website:

  • For any other purpose specified in this Privacy Notice and/or in our Terms of Use.
  • To contact you as and when Compliance Core believes it to be necessary for technical, administrative or security reasons.
  • To prevent, detect and fight fraud, security threats, or other illegal or unauthorized activities.
  • To ensure legal compliance with legal requirements that apply to us and you.
  • To ensure compliance with the Terms of Use that apply to us and you.
  • For the purposes described under the sections titled “Sharing of Information with Third Parties” and “Cookies”.

We will explicitly indicate the fields designated for mandatory completion. If you do not enter the requisite data in the mandatory fields, you will not be able to complete the relevant contact form. It is important that you understand there is no requirement by

law for you to provide Compliance Core with your personal details – the information you share with us is entirely voluntary.

By providing any personal data to Compliance Core, you warrant and represent that the information you provide is complete, accurate and correct. Your failure to do so will likely result in Compliance Core being unable to contact you about your inquiries. It is your responsibility to update Compliance Core if any of the information you provided is no longer correct or accurate and inform Compliance Core of the required updates.

It is important that you understand there is no requirement by law for you to provide Compliance Core with your personal details – the information you share with us is entirely voluntary, and you may avoid providing such information either by not filling in specific forms or by disabling cookies (please see more information on that in the Cookies section).

OUR LEGAL BASIS FOR PROCESSING

We will only process your personal information on our own behalf where we have a legal basis to do so. The following are the legal bases under which we process your information in the manners specified above:

  • As permitted by applicable law.
  • Legal obligation – we may process your personal information as necessary to comply with the law (not including contractual obligations).
  • Performance of a contract to which Compliance Core and you are parties.
  • Legitimate interests – we may use your personal data where we have legitimate interests to do so. For instance, we analyze users’ behavior on the Website to continuously improve it and we process information for administrative, fraud detection and other legal purposes.
  • Consent – where no other legal basis for processing applies, we may process your personal data based on your consent as you will be asked to provide from time to time.

JOINT CONTROLLERSHIP

Currently, Compliance Core does not jointly determine the purposes and means of processing the Website personal data with any third-party (a “joint controller”). If a joint controller situation is established regarding your personal data, the essence of the legal arrangement between Compliance Core and such other controller shall be made available to you upon request.

SHARING OF INFORMATION WITH THIRD PARTIES

We do not, and currently do not intend to, sell any of your personal data to any third party. Compliance Core will not transfer your personal details, or any information collected pertaining to your activities on the Website (provided that such details and information identify you personally), to any third party, except in the following cases or as otherwise outlined in this Privacy Notice.

If Compliance Core reasonably believes that you have breached the Terms of Use, or performed any act or omission that Compliance Core reasonably believes to be violating any applicable law, rules, or regulations, Compliance Core may share your

information with law enforcement and other competent authorities and with any third party that may consult Compliance Core or assist in connection with any such breach as may be required to handle any result of your wrongdoing; including without limitation, in order to contain, remediate, prevent, investigate any such breach, and/or establish or exercise any of Compliance Core’s legal rights.

Further, your personal data may be disclosed:

  • As permitted or required by, or in response to lawful requests by applicable local law enforcement agencies or regulatory agencies, or agencies with responsibility to oversee and enforce national security,
  • In any case of dispute, or legal proceeding of any kind between you and Compliance Core, or between you and other users or third parties,
  • In any case where Compliance Core may reasonably believe that sharing information is necessary to prevent serious damage to you or to your property or to any third party or their property, and
  • If Compliance Core organizes the operation of the Website within a different framework, or through another legal structure or entity, or if Compliance Core is acquired by, or merged with another entity, provided however, that those entities agree to be bound by the provisions of this Privacy Notice.

Compliance Core may share personal data with its service providers for the purpose of helping Compliance Core execute certain tasks outsourced to them, or providing capabilities Compliance Core requires. The service providers to which Compliance Core provides personal data in connection with the personal data collected through the Website are: (1) email service providers for email campaigns management and to send you emails on our behalf, with the express provision that their use of such information must comply with our instructions; (2) recruiting service providers, in relation to activities on the Website related to submission and processing of resumes and job applications through the Website; (3) registration management of users to events through the website; (4) billing, processing payments, marketing automation, Compliance Core advertisements on social media, CRM platform, analytics tools providers, web page building tools, cloud services, support and maintenance operation tools. Our service providers do not have any right to use your personal data collected from the Website beyond what is necessary for the purpose of facilitating their services for us and are subject to data protection agreements to the extent required under applicable law.

Compliance Core is also entitled to transfer or share anonymous, statistic or aggregative information with companies or organizations connected to Compliance Core, and with suppliers, business partners, advertisers, and every third party, according to Compliance Core’s absolute discretion.

DATA TRANSFERS AND GLOBAL PROCESSING

The Website may be operated in countries other than your own location, and your personal data may be accessed and/or processed from and/or transferred to countries other than your own location. We may do this where data is accessed/processed:

  • by Compliance Core sales, business partners, operational or customer support teams wherever located, as detailed on the Website; and
  • By our service providers, for the purposes we specified above under the section “Sharing of Information with Third Parties”.

By consenting to the collection and use of your personal information, you agree to your personal information being transferred and stored in this manner and for the specified purposes.

The safeguards we deploy for performing such transfers across boundaries:

  • Consent. In the absence of an adequacy decision or Model Clauses, and in the absence of any other right to transfer your data, your consent shall serve as the basis for such transfer. By accessing and using the Website, you agree and understand that your information may be transferred from the EEA or other countries in which you may be using or accessing the Website, to other jurisdictions outside your own location (including outside the EEA). The transfer will be to such third parties as described under “Sharing of Information with Third Parties”.

CHILDREN’S PRIVACY

Compliance Core does not knowingly collect personal data from minors who are under the age of 16 through the Website without appropriate consent. If a parent or guardian becomes aware that his or her child has provided us with personally identifiable information via the Website without his/her consent, then he or she should contact Compliance Core at the information described below. If we become aware that a child under the age of 16 has provided us with personally identifiable information, we will delete such information from our files.

COOKIES

A cookie is a small text file that is stored in your web browser that allows Compliance Core or a third party (such as Compliance Core third party service providers) to recognize you. Cookies might be used for the following purposes: (1) to enable certain functions; (2) to provide analytics; (3) to store your preferences; and (4) to enable ad delivery and behavioral advertising. Cookies can either be session cookies or persistent cookies. A session cookie expires automatically when you close your browser. A persistent cookie will remain until it expires or you delete your cookies. Expiration dates are set in the cookies themselves; some may expire after a few minutes while others may expire after multiple years. Cookies placed by the website you’re visiting are sometimes called “first party cookies,” while cookies placed by other companies are sometimes called “third party cookies.”

When you access and/or use the Website, Compliance Core or a third party may place a number of cookies in your browser. Some of the cookies will only be used if you use certain features or select certain preferences, and some cookies will always be used.

Each cookie serves one of four different purposes:

  • Essential Cookies: These first party cookies allow users to use a feature of the Website such as: (i) staying logged in, or (ii) making purchases.
  • Analytics Cookies: These cookies track information about how the Website is being used so that we can make improvements and report on our performance. We may also use analytics cookies to test new ads, pages or features to see how users react to them. Analytics cookies may either be first party or third-party cookies.
  • Preference Cookies: These first party cookies store your Website preferences.
  • Ad Targeting Cookies: These third-party cookies (also known as “behavioral” or “targeted” advertising are placed by advertising platforms or networks in order to: (i) deliver ads and track ad performance, and (ii) enable advertising networks to deliver ads that may be relevant based upon your activities.

We use additional technologies to help track user activities and preferences. For example, we use web beacons (also known as clear gifs, pixel tags or web bugs). Web beacons are tiny graphics (about the size of period) with a unique identifier that are embedded invisibly on web pages or emails. They are used to track user activities and communicate with cookies. You cannot opt out of web beacons used in webpages, but you can limit their use by opting out of the cookies they interact with. You can opt out of web beacons used in emails by setting your email client to render emails in text mode only.

Finally, we may set cookies that monitor links to our website that we send to you (if you have consented to receiving emails from us). These cookies are used to track visitors to our Website sourced from these emails. To avoid these types of cookies, please follow the explanation below on how to change your browser cookies settings.

In addition, we may use a tracking technology (pixels) in emails to understand how often our emails are opened and clicked on by our customers. If you do not wish this tracking to be effected, please change your email software or service (such as outlook, Gmail, etc.) settings to not automatically download images (to the extent it is not already your default). In some instances, depending on your email or browser settings, cookies in an email may be automatically accepted (for example, when you have added an email address to your address book or safe senders list). Please refer to your email browser or device instructions for more information on this.

Third party companies like analytics companies and ad networks generally use cookies to collect user information on an anonymous basis. They may use that information to build a profile of your activities on the Website and other websites that you have visited.

If you do not like the idea of cookies or certain types of cookies, you can change your browser’s settings to delete cookies that have already been set and to not accept new cookies. To learn more about how to do this, visit the help pages of your browser. Some useful information can also be found here: https://www.allaboutcookies.org/ Please note, however, that if you delete cookies or do not accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.

INTEREST-BASED ADVERTISING

We engage in interest-based advertising to deliver advertisements and personalized content that we believe will be of interest to you. Advertisements, emails, and other messages may be delivered to you by Compliance Core or its service providers based on your online or mobile behavior, your search activity, your geographic location or

other information that is collected by us or obtained by such third parties using cookies (such as your clicking on our paid ads in Google or other social networks).

In addition, we and our business partners use third parties to establish deterministic or probabilistic connections among devices (such as smartphones, tablets, and computers) to deliver more relevant advertising to you and for advertising analytics and reporting purposes. This means that information about your use of websites or applications on your current device may be combined with information from your other devices. We also may share this information and other inferences with third parties to allow them to target advertising, personalize content, or analyze behavior. This allows, for example, advertisements you see on your tablet to be based on activities you engaged in on your smartphone. These business partners may share and combine information from cookies with identifiers (such as device IDs assigned by Google or Apple) and IP addresses to make connections among related devices. This also allows for a more personalized experience across the Website.

If you have any questions about our Cookie policy, you may contact us via the contact information listed below.

SOCIAL MEDIA FEATURES

The Website includes social media plugins such as LinkedIn. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the plugin to function properly. Social media features are governed by the privacy policy of the company providing it.

LINKS TO THIRD PARTY SITES

This Website may contain links to other sites that are not owned or controlled by Compliance Core. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave our site and to read the privacy statements of each web site that collects personally identifiable information. This privacy statement applies only to information collected by this Website.

DATA SECURITY

Compliance Core implements data security systems and procedures to secure the information stored on Compliance Core computer servers. Such systems and procedures reduce the risk of security breaches, but they do not provide absolute security. Therefore, Compliance Core cannot guarantee that the Website is immune to unauthorized access to the information stored therein and to other information security risks.

DATA RETENTION PRACTICES

Subject to your right to deletion as required by law, we will retain your information for as long as is reasonably necessary to engage with you in relation to the interaction for which we collected your information or as otherwise permitted by applicable law. We will also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and to enforce our agreements.

GDPR DISCLOSURE

You may have the rights prescribed below in relation to personal data processed by us if you are a data subject in the European Economic Area or your personal data is otherwise governed by the EU General Data Protection Regulation 2016/679 (“GDPR”):

  • The right to be informed about how your personal data is being used.
  • The right of access to your personal data processed by us, which includes the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and the purposes of the processing; categories of personal data concerned; recipients or categories of recipient to whom the personal data have been or will be disclosed; where possible, the envisaged period for which the personal data will be stored; the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling; the appropriate safeguards relating to the transfer of your personal data outside the EEA.
  • The right to request the correction of inaccurate personal data we hold about you.
  • Under some circumstances, the right to request that we delete your data,
  • The right to restrict processing of your personal data.
  • The right to object to processing activities, if the processing is based on our legitimate interest.
  • The right to withdraw consent for processing at any time, if the processing is based on consent.
  • The right to object to processing of personal data for direct marketing purposes at any time.
  • In some circumstances, the right to request that we transfer or port elements of your data either to you or another service provider – if the processing is based on your consent and is made by automated means.
  • The right to file a complaint with your Supervisory Authority (in the EEA, as prescribed by GDPR).

You may exercise these rights to the extent these rights apply to you by contacting Compliance Core via the contact information listed below. We will undertake to respond to your request within the applicable time frame prescribed by applicable law, and in any event, we will make efforts to respond within 30 days of receipt of your request. Although Compliance Core will make reasonable efforts to accommodate your requests, in some circumstances, we may deem your request unfounded or not eligible under applicable law. If that should happen, Compliance Core expressly reserves the right to refuse your request personal data. Before Compliance Core is able to accommodate any request, provide you with any information or correct any inaccuracies, we may verify your identity by requesting certain information or identification.

CCPA DISCLOSURE

This section is only applicable to California residents for purposes of compliance with the California Consumer Privacy Act of 2018 (“CCPA”). Defined terms used in this section, including but not limited to “Business Purpose”, “Consumers,” “Personal Information” and “Sale” (or “Sell”) are used as such terms are defined by and interpreted pursuant to the CCPA.

The categories of Personal Information we have collected about Consumers, of which we have disclosed for a business purpose, in the preceding 12 months are (please refer to the table at the top of this Privacy Notice for more detail):

  1. Identifiers, such as name and Social Security number,
  2. Personal information, as defined in the California safeguards law, such as contact information and financial information,
  3. Characteristics of protected classifications under California or federal law, such as sex and marital status,
  4. Internet or network activity information, such as browsing history and interactions with the Website,
  5. Geolocation data, such as device location,
  6. Professional or employment-related information, such as work history and prior employer,
  7. Education information, such as school and date of graduation, and
  8. Inferences drawn from any of the Personal Information listed above to create a profile about, for example, an individual’s preferences and characteristics.

The sources we have collected this Personal Information from are: directly from California residents or their representatives.

In the past 12 months, however, we have not “sold” Personal Information relating to California residents within the meaning of the CCPA. For purposes of this Privacy Notice, “sold” means the disclosure of Personal Information for monetary or other valuable consideration.

If you are a California resident, you may request that we disclose to you the following information covering the 12 months preceding your request:

  1. The categories of Personal Information that we collected about you and the categories of sources from which we collected such Information,
  2. The business or commercial purpose for collecting Personal Information about you,
  3. The categories of Personal Information about you that we disclosed to third parties for a business purpose and the categories of third parties to whom we disclosed such Personal Information (if applicable), and
  4. The specific pieces of Personal Information we collected about you.

If you are a California resident, you may also request that we delete Personal Information that we collected from you.

Before Compliance Core is able to accommodate any respond to any request, we may ask to verify your identity by providing us with certain information or identification. In some instances, we may decline to honor your request. For example, we may decline to honor your request if we cannot verify your identity or confirm that the Personal

Information that we maintain relates to you, or if we cannot verify that you have the authority to make a request on behalf of another individual. In other instances, we may decline to honor your request where an exception applies, such as where the disclosure of Personal Information would adversely affect the rights and freedoms of another consumer or where the Personal Information that we maintain about you is not subject to the CCPA’s access or deletion rights, such as information relating to our employees and contractors that is used for our employment and vendor management purposes.

Nonetheless, you have the right to be free from unlawful discrimination for exercising your rights under the CCPA.

CALIFORNIA AND DELAWARE “DO NOT TRACK” DISCLOSURES

California and Delaware law require to indicate whether we honor “Do Not Track” settings in your browser concerning targeted advertising. Compliance Core adheres to the standards set out in this Privacy Notice and does not monitor or respond to Do Not Track browser requests.

VIDEO AND PHOTOGRAPHY

Please be aware that Compliance Core will be taking photographs and video in public areas of any events you may register to through the Website (session rooms, exhibit halls, etc.). We may use such media in marketing materials, educational products, and publications. Your image and the sound of your voice may be recorded. If you are identified during the recording, or identify yourself by name, that information may be included in our materials. Recordings may be edited, copied, exhibited, published, or distributed.

CHANGES TO THIS PRIVACY POLICY

From time to time, Compliance Core may change the terms of this policy. Changes will take effect once they are posted online. If you do not agree with any of the amended terms, you must avoid any further use of the Website.

INQUIRIES OR CONCERNS?

You may contact Compliance Core and make the requests permitted pursuant to applicable law by:

  • sending an email to contactus@compliancecore.com
  • calling +1 404 612-1118