PLATFORM PRIVACY POLICY

Last Updated: September 16, 2020

1. INTRODUCTION

This Platform Privacy Policy describes Explorium Ltd.’s (“Explorium,” “us,” or “we”) privacy practices related to information Explorium receives or collects from its partners, customers (“Customers”), and end users of Customers’ products and services (“Customers End Users”) when Customers use Explorium’s automated data discovery platform (“Platform”). Customers have separate agreements with Explorium governing our provision of services and Customers’ use of the Platform (“Agreements”). Those Agreements may contain additional obligations with respect to our handling of information, and nothing in this Platform Privacy Policy derogates from such additional obligations.

This Platform Privacy Policy does not apply, however, to Explorium’s privacy practices regarding information collected through Explorium’s publicly accessible website, https://www.explorium.ai/, or Explorium’s marketing activities, which are described under our Website Privacy Policy. To view the Website Privacy Policy, please click here.

2. YOUR DATA AND HOW WE RECEIVE OR COLLECT IT

Two types of data are pertinent to our ability to fulfill business or commercial purposes, including: (1) information that Customers decide, in their full discretion, to insert into the Platform where such information relates to the Customers’ End Users, including such Customer End Users’ Technical Information, Behavioral Information, and Personal Information (collectively, “Customer End User Data”); and (2) information that we collect from Customers in connection with their use of the Platform, including such Customers’ name, billing information, employees and representatives who are authorized by Customers to use the Platform, their email, phone number, address, or other contact details, or Technical Information or Behavioral Information related to Customers, their employees, or representatives (collectively, “Platform Usage Data”). Either way, we never collect information directly from a Customer End User.

Customer End User Data and Platform Usage Data may include:

1. Technical information related to a Customer End User’s or Customer’s use of a mobile device or computer, including: browser type, operating system, device type and model, system language, memory, OS version, Wi-Fi status, screen resolution, and IP address (“Technical Information”).

1. Information related to a Customer End User’s use of Customer’s applications and services, or Customer’s use of the Platform, including where a Customer End User clicked, scrolled, focused (i.e. zoom), and navigated to a Customer’s site or application or information related to clicks on links contained in an email (“Behavioral Information”).

• Information that, directly or when combined or cross-referenced with other information, identifies an individual, such as names, addresses, credit cards or other financial information, health information, any other type of sensitive personal information, and—in some jurisdictions—IP addresses (“Personal Identifiable Information” or “PII”).

We may collect Customer End User Data or Platform Usage Data through the following methods:

• When provided voluntarily by a Customer (g., when a Customer contacts us, or through a Customer’s disclosure of Customer End User Data per the Customer’s own privacy policy). Customers have sole control over their property (including their websites and applications) and the means by which they collect PII from their End Users. Customers insert information, including PII, into the Platform at their sole discretion and as required for Explorium to assist Customers with their decision-making functions and model building. Customers are solely responsible for obtaining permission from Customer End Users before disclosing their PII to us. When a Customer discloses PII to us, we serve as its processing service provider (“processor,” per the General Data Protection Regulation (“GDPR”)) and process its data according to the Customer’s instructions and authorizations as provided in the Agreement(s) between the Customer and Explorium.
• From third-party analytics providers, which collect information when Customers use the Platform. g., we may use FullStory’s analytics service to better understand those who use our Platform. To view FullStory’s privacy policy, please click here.
• From publicly available sources, such as public social media profiles and information made available from federal, state, or local government records for public access.
• To the extent permitted by law, we may receive additional information such as corporate information, geographic locations, contact details, and other information through the various business support tools and services that we use (“Partners”). We also may receive or collect information through public and open-data sources such as, public web pages, social media sites, review sites, and governmental listings. We may combine information received through these sources with other information we collect to improve Platform.

3. HOW WE USE YOUR DATA FOR BUSINESS AND COMMERCIAL PURPOSES

The way we use data depends on whether such data constitutes Customer End User Data or Platform Usage Data.

We collect and use Customer End User Data to enable Customers’ optimal use of the Platform, to fulfill or meet the Customer’s request or to provide Explorium’s services, or to respond to an inquiry, to comply with our legal obligations, or to exercise and enforce our legal rights . We also serve as a processing service provider (“sub-processor,” per the GDPR) of any data that Customers provide to us, as explained elsewhere herein.

We collect and use Platform Usage Data for the following purposes:

• To authenticate Customers’ logins to the Platform;
• To communicate with Customers, including to inform customers of any updates to the Platform or services, such as new features and functionalities;
• To process any payments in connection with the Platform and our services;
• To understand how Customers use the Platform so that we may efficiently audit, maintain, and improve the Platform for Customers and develop new features;
• To comply with our legal obligations, or to exercise and enforce our legal rights; and.
• To send Customers marketing materials related to the Platform that we believe may be of interest to Customers. In some cases, you may request and/or consent to receive such materials, which we will send to you only if we have a lawful basis to do so. You may opt out of receiving such materials at any time.

In addition, we may use information derived from the aggregation of Customer End User Data and/or Platform Usage Data in combination with other data (“Aggregated Data”) for research and analytics purposes, or to improve or market the Platform to preform our services to our Customers. Aggregated Data is anonymous, and Explorium does not reveal the identity of any Customer or Customer End User.

4. HOW WE SHARE YOUR DATA

Explorium does not share, sell, or disclose Platform Usage Data or Customer End User Data with or to any third party except to meet Explorium’s legitimate business or commercial purposes. Explorium shares Platform Usage Data and Customer End Data (described in Section 2 above) with the following third parties as needed to fulfill purposes set forth in Section 3 above:

1. Our subsidiaries (as necessary to help us support and maintain the Platform and services provided to Customers);
2. Our data hosting provider (i.e., we store our information on Amazon Web Services, whose servers may be located worldwide. European users acknowledge and agree that PII may be transferred outside of the European Union to countries whose laws may not offer the same protection as those of the European Union. Amazon Web Services’ privacy policy is located at https://aws.amazon.com/privacy/.)
3. Our payment processors or other business-operation service providers, provided that transfers to service providers are done consistent with Agreements between Explorium and Customers, and such service providers are authorized to use your PII only to the extent it is necessary for service providers to provide their services to us. Transfers to service providers are covered by the Agreements between Explorium and our Customers. Explorium authorizes these service providers to use your PII only as necessary to provide their services;
4. To Partners who enable us to enrich our databases, only upon a Customer’s instruction that we enrich their data, and provided that any such transfer is done consistent with our agreements with Partners and Agreements with Customers and is undertaken solely for the use of the Customer who requested such data enrichment;
5. To legal authorities or entities when legally required;
6. To respond to or prevent fraud;
7. To protect the safety of Explorium, its Customers, or the public; and
8. To the surviving or acquiring entity of Explorium, as part of any merger, acquisition, or sale of all or part of the assets of Explorium. In such a case, only Customer End User Data will be transferred following the completion of any such transaction and/or during the assessment process while a transaction is pending.

5. CROSS-BORDER TRANSFERS

Explorium may need to transfer Platform Usage Data or Customer End User Data to countries other than the country from which the Data originated. Any such transfer will be done in compliance with all applicable laws. By using the Explorium Platform, European Economic Area (“EEA”) Customers acknowledge, agree, and consent to Explorium’s sending and processing of customer and Customer End User PII to and in other jurisdictions outside the European Union and European Economic Area, including the United States, where less stringent data protection laws are in place.

6. INFORMATION SECURITY

Explorium is SOC2 and ISO 27001 certified and takes great care in implementing and maintaining the security of the Platform, Explorium’s services, Platform Usage Data, and Customer End User Data (for the purpose of this section, “Data”). Explorium hosts the Data through our authorized third-party service providers, including Amazon Web Services, which asserts that it provides advanced security features. Explorium employs industry standard policies and procedures to ensure the safety of its Platform and Data, and to prevent the unauthorized use of any of them. Notwithstanding the foregoing, as with any Software as a Service, we cannot guarantee that unauthorized access to the Data will never occur. Consequently, we cannot ensure or warrant the security of any Data that you transfer to us, and any information that you transfer to us is done at your own risk.

7. DATA RETENTION

Explorium retains (i) Customer End User Data for as long as Customers require to use the Platform or as required or permitted by law; and (ii) Platform Usage Data for no more time than is necessary to serve the legitimate business need for which it was collected.

8. RELATIONSHIP, LAWFUL BASIS, AND CUSTOMER END USER CHOICES

Explorium is deemed a “data processor,” while its Customers are deemed “data controllers,”  under the laws of certain jurisdictions when processing PII of Customer End User Data in connection with the provision of the Platform and services to a customer. We process any such PII solely for the purpose of providing the services per our Agreements with Customers and their instructions and authorizations provided in such Agreements. Customer End Users should therefore closely review the Privacy Policies of the applications, services, and websites they access to understand our Customers’ privacy practices.

Where Explorium is deemed a data processor under the laws of certain jurisdictions (e.g., in connection with its processing of Platform Usage Data), Explorium will comply with all applicable laws related to its status as a data processor and will only use the data as described in this Platform Privacy Policy.

The following legitimate interests are the lawful bases on which Explorium relies to process Platform Usage Data: (i) to provide its Customers using the Platform with more accurate analysis and better predictive models; (ii) to improve, personalize and market our Platform; and (iii) to promote the safety and security of our Platform. Explorium processes Platform Usage Data to perform its obligations under the Agreements with its Customers and, where appropriate, with the consent of its Customers.

EEA users have a number of legal rights with respect to their PII, including accessing, updating, and exporting personal data, editing and deleting personal data. In certain circumstances, you can object to processing of your information, or request that Explorium completely delete your information from our database. Where Explorium is deemed a data processor, Customer End Users should contact our Customers to enforce any such data subject legal rights. Explorium will cooperate with its Customers to support and comply with any such data subject rights requests. Where Explorium is deemed a data controller, Customer End Users may exercise their rights by contacting Explorium at privacy@explorium.ai. We will respond to your requests within a reasonable timeframe. Please note that these rights may be limited in certain circumstances, as provided by applicable law.

9. FOR CALIFORNIA RESIDENTS

If you are an individual from California please note that in the preceding twelve (12) months, we may have received information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with a particular consumer or household, including but the following categories of information:

1. Identifiers and other Customer record information such as name, signature, physical characteristics or description, address, unique personal identifier, online identifier, IP address, email address, telephone number, education, or financial information.
2. Commercial information, including records of personal property, products, or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
3. Internet or other similar network activity and technical information related to use of mobile device or computer, such as Technical Information (as defined above).
4. Geolocation data.
5. Professional or employment-related information, such as employment history, skills certifications, or job titles.
6. Inferences drawn from other personal information, such as preferences, characteristics, behavior, and aptitudes related to a Customer End User’s use of Customer’s applications and services, or Customer’s use of the Platform, including Behavioral Information (as defined above).

In addition, in the preceding twelve (12) months, Explorium may have:

• Exchanged the following types of information: identifiers, commercial information, professional or employment-related information, Technical Information, and Behavioral Information. To be clear, we have enriched this data by utilizing the information provided by our various Customers for the purpose of completing the data set so that we may better serve our Customer End Users. Under some laws, this activity is defined as a “sale”; and/or

• Disclosed for a business purpose the following types of information: identifiers, PII contained in Customer records, commercial information, professional or employment-related information, Technical Information, geolocation data, and Behavioral Information.

California Civil Code Section 1798.83 permits California resident-consumers to request certain information once per year regarding the disclosure of their PII to third parties for purposes of their direct marketing to California resident-consumers. To make such a request, please send us an e-mail at privacy@explorium.ai with “Shine the Light Request” in the subject line. Please note that we evaluate a “Shine the Light” request to determine whether it is proper under the scope of this law before we respond.

California residents may have the following additional rights from January 1, 2020:

• You have the right to know and right to access information about the categories and specific pieces of PII we have collected about you, as well as the categories of sources from which your PII is collected, the purpose for collecting such information, and the categories of third parties with whom we share your PII. You also have the right to know if we have sold or disclosed your PII. You may also request a copy of the PII we have collected and/or disclosed, and upon request, we will provide this information to you in electronic form.
• You have the right to request information about our sale or disclosure of your PII to third parties for business purposes.
• You have the right to opt out of the sale of your PII to third parties. We use certain PII solely to fulfil our obligations pursuant to Agreements with our Customers, and upon a Customer’s direct instruction to enrich its Customer End User Data with additional PII made available through our Platform. This use is defined as a “sale” under California law. We never provide Customer End-User Data or Platform Usage Data as a source of PII to a third party. If you would like to opt-out of the sale of your information (i.e., not permit your information to be used in connection with our data enrichment practices), please visit https://www.explorium.ai/do-not-sell-my-personal-information/ .
• You have the right to request the deletion of your PII, subject to certain legal exceptions.
• You have the right to not be discriminated against for exercising any of these rights.

If you would like to exercise one or more of the above rights, please contact us using the contact information provided in Section 13. You may also designate an authorized agent, registered with the California Secretary of State, to make such a request on your behalf. The authorized agent must be registered with the California Secretary of State and must have written permission to submit requests on your behalf. Whenever feasible, we will match the provided identifying information to the PII already maintained by us for verification purposes. If we cannot verify the identity of the requester using the information in our possession, however, we may request additional information to verify your identity.

10. CHILDREN

Our Platform is not intended for children, and our Platform is not designed to attract children. We do not knowingly collect, and we do not sell, PII from children. In the event that we learn that we have collected PII from a person under the age of majority in his or her jurisdiction, we will delete all such PII as soon as possible.

12. CHANGES TO THE PRIVACY POLICY

Explorium reserves the right to change this Platform Privacy Policy at any time. We will provide notice of substantial changes of this policy on the Explorium website’s homepage at www.explorium.ai. Such substantial changes will take effect seven (7) days after notice is provided on our website or by email (if applicable). All other changes to this Platform Privacy Policy are effective as of the stated “Last Revised” date, and your continued use of the Platform after the Last Revised date will constitute your acceptance of, and agreement to be bound by, those changes.

13. HOW TO CONTACT US

If you have any questions or comments concerning this Platform Privacy Policy, please contact us via email at privacy@explorium.ai or via physical mail at Explorium Ltd., 8 Eliezer Kaplan St., Tel-Aviv, Israel.