Last updated: September 16, 2020
- YOUR DATA AND HOW WE RECEIVE OR COLLECT IT
Two types of data are pertinent to our ability to fulfill business or commercial purposes, including: (1) information that Customers decide, in their full discretion, to insert into the Platform where such information relates to the Customers’ End Users, including such Customer End Users’ Technical Information, Behavioral Information, and Personal Information (collectively, “Customer End User Data”); and (2) information that we collect from Customers in connection with their use of the Platform, including such Customers’ name, billing information, employees and representatives who are authorized by Customers to use the Platform, their email, phone number, address, or other contact details, or Technical Information or Behavioral Information related to Customers, their employees, or representatives (collectively, “Platform Usage Data”). Either way, we never collect information directly from a Customer End User.
Customer End User Data and Platform Usage Data may include:
- Technical information related to a Customer End User’s or Customer’s use of a mobile device or computer, including: browser type, operating system, device type and model, system language, memory, OS version, Wi-Fi status, screen resolution, and IP address (“Technical Information”).
- Information related to a Customer End User’s use of Customer’s applications and services, or Customer’s use of the Platform, including where a Customer End User clicked, scrolled, focused (i.e. zoom), and navigated to a Customer’s site or application or information related to clicks on links contained in an email (“Behavioral Information”).
- Information that, directly or when combined or cross-referenced with other information, identifies an individual, such as names, addresses, credit cards or other financial information, health information, any other type of sensitive personal information, and—in some jurisdictions—IP addresses (“Personal Identifiable Information” or “PII”).
We may collect Customer End User Data or Platform Usage Data through the following methods:
- From publicly available sources, such as public social media profiles and information made available from federal, state, or local government records for public access.
- To the extent permitted by law, we may receive additional information such as corporate information, geographic locations, contact details, and other information through the various business support tools and services that we use (“Partners”). We also may receive or collect information through public and open-data sources such as, public web pages, social media sites, review sites, and governmental listings. We may combine information received through these sources with other information we collect to improve Platform.
- HOW WE USE YOUR DATA FOR BUSINESS AND COMMERCIAL PURPOSES
The way we use data depends on whether such data constitutes Customer End User Data or Platform Usage Data.
We collect and use Customer End User Data to enable Customers’ optimal use of the Platform, to fulfill or meet the Customer’s request or to provide Explorium’s services, or to respond to an inquiry, to comply with our legal obligations, or to exercise and enforce our legal rights . We also serve as a processing service provider (“sub-processor,” per the GDPR) of any data that Customers provide to us, as explained elsewhere herein.
We collect and use Platform Usage Data for the following purposes:
- To authenticate Customers’ logins to the Platform;
- To communicate with Customers, including to inform customers of any updates to the Platform or services, such as new features and functionalities;
- To process any payments in connection with the Platform and our services;
- To understand how Customers use the Platform so that we may efficiently audit, maintain, and improve the Platform for Customers and develop new features;
- To comply with our legal obligations, or to exercise and enforce our legal rights; and.
- To send Customers marketing materials related to the Platform that we believe may be of interest to Customers. In some cases, you may request and/or consent to receive such materials, which we will send to you only if we have a lawful basis to do so. You may opt out of receiving such materials at any time.
In addition, we may use information derived from the aggregation of Customer End User Data and/or Platform Usage Data in combination with other data (“Aggregated Data”) for research and analytics purposes, or to improve or market the Platform to preform our services to our Customers. Aggregated Data is anonymous, and Explorium does not reveal the identity of any Customer or Customer End User.
- HOW WE SHARE YOUR DATA
Explorium does not share, sell, or disclose Platform Usage Data or Customer End User Data with or to any third party except to meet Explorium’s legitimate business or commercial purposes. Explorium shares Platform Usage Data and Customer End Data (described in Section 2 above) with the following third parties as needed to fulfill purposes set forth in Section 3 above:
- Our subsidiaries (as necessary to help us support and maintain the Platform and services provided to Customers);
- Our payment processors or other business-operation service providers, provided that transfers to service providers are done consistent with Agreements between Explorium and Customers, and such service providers are authorized to use your PII only to the extent it is necessary for service providers to provide their services to us. Transfers to service providers are covered by the Agreements between Explorium and our Customers. Explorium authorizes these service providers to use your PII only as necessary to provide their services;
- To Partners who enable us to enrich our databases, only upon a Customer’s instruction that we enrich their data, and provided that any such transfer is done consistent with our agreements with Partners and Agreements with Customers and is undertaken solely for the use of the Customer who requested such data enrichment;
- To legal authorities or entities when legally required;
- To respond to or prevent fraud;
- To protect the safety of Explorium, its Customers, or the public; and
- To the surviving or acquiring entity of Explorium, as part of any merger, acquisition, or sale of all or part of the assets of Explorium. In such a case, only Customer End User Data will be transferred following the completion of any such transaction and/or during the assessment process while a transaction is pending.
- CROSS-BORDER TRANSFERS
Explorium may need to transfer Platform Usage Data or Customer End User Data to countries other than the country from which the Data originated. Any such transfer will be done in compliance with all applicable laws. By using the Explorium Platform, European Economic Area (“EEA”) Customers acknowledge, agree, and consent to Explorium’s sending and processing of customer and Customer End User PII to and in other jurisdictions outside the European Union and European Economic Area, including the United States, where less stringent data protection laws are in place.
- INFORMATION SECURITY
Explorium is SOC2 and ISO 27001 certified and takes great care in implementing and maintaining the security of the Platform, Explorium’s services, Platform Usage Data, and Customer End User Data (for the purpose of this section, “Data”). Explorium hosts the Data through our authorized third-party service providers, including Amazon Web Services, which asserts that it provides advanced security features. Explorium employs industry standard policies and procedures to ensure the safety of its Platform and Data, and to prevent the unauthorized use of any of them. Notwithstanding the foregoing, as with any Software as a Service, we cannot guarantee that unauthorized access to the Data will never occur. Consequently, we cannot ensure or warrant the security of any Data that you transfer to us, and any information that you transfer to us is done at your own risk.
- DATA RETENTION
Explorium retains (i) Customer End User Data for as long as Customers require to use the Platform or as required or permitted by law; and (ii) Platform Usage Data for no more time than is necessary to serve the legitimate business need for which it was collected.
- RELATIONSHIP, LAWFUL BASIS, AND CUSTOMER END USER CHOICES
Explorium is deemed a “data processor,” while its Customers are deemed “data controllers,” under the laws of certain jurisdictions when processing PII of Customer End User Data in connection with the provision of the Platform and services to a customer. We process any such PII solely for the purpose of providing the services per our Agreements with Customers and their instructions and authorizations provided in such Agreements. Customer End Users should therefore closely review the Privacy Policies of the applications, services, and websites they access to understand our Customers’ privacy practices.
The following legitimate interests are the lawful bases on which Explorium relies to process Platform Usage Data: (i) to provide its Customers using the Platform with more accurate analysis and better predictive models; (ii) to improve, personalize and market our Platform; and (iii) to promote the safety and security of our Platform. Explorium processes Platform Usage Data to perform its obligations under the Agreements with its Customers and, where appropriate, with the consent of its Customers.
EEA users have a number of legal rights with respect to their PII, including accessing, updating, and exporting personal data, editing and deleting personal data. In certain circumstances, you can object to processing of your information, or request that Explorium completely delete your information from our database. Where Explorium is deemed a data processor, Customer End Users should contact our Customers to enforce any such data subject legal rights. Explorium will cooperate with its Customers to support and comply with any such data subject rights requests. Where Explorium is deemed a data controller, Customer End Users may exercise their rights by contacting Explorium at firstname.lastname@example.org. We will respond to your requests within a reasonable timeframe. Please note that these rights may be limited in certain circumstances, as provided by applicable law.
- FOR CALIFORNIA RESIDENTS
If you are an individual from California please note that in the preceding twelve (12) months, we may have received information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with a particular consumer or household, including but the following categories of information:
- Identifiers and other Customer record information such as name, signature, physical characteristics or description, address, unique personal identifier, online identifier, IP address, email address, telephone number, education, or financial information.
- Commercial information, including records of personal property, products, or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Internet or other similar network activity and technical information related to use of mobile device or computer, such as Technical Information (as defined above).
- Geolocation data.
- Professional or employment-related information, such as employment history, skills certifications, or job titles.
- Inferences drawn from other personal information, such as preferences, characteristics, behavior, and aptitudes related to a Customer End User’s use of Customer’s applications and services, or Customer’s use of the Platform, including Behavioral Information (as defined above).
In addition, in the preceding twelve (12) months, Explorium may have:
- Exchanged the following types of information: identifiers, commercial information, professional or employment-related information, Technical Information, and Behavioral Information. To be clear, we have enriched this data by utilizing the information provided by our various Customers for the purpose of completing the data set so that we may better serve our Customer End Users. Under some laws, this activity is defined as a “sale”; and/or
- Disclosed for a business purpose the following types of information: identifiers, PII contained in Customer records, commercial information, professional or employment-related information, Technical Information, geolocation data, and Behavioral Information.
California Civil Code Section 1798.83 permits California resident-consumers to request certain information once per year regarding the disclosure of their PII to third parties for purposes of their direct marketing to California resident-consumers. To make such a request, please send us an e-mail at email@example.com with “Shine the Light Request” in the subject line. Please note that we evaluate a “Shine the Light” request to determine whether it is proper under the scope of this law before we respond.
California residents may have the following additional rights from January 1, 2020:
- You have the right to know and right to access information about the categories and specific pieces of PII we have collected about you, as well as the categories of sources from which your PII is collected, the purpose for collecting such information, and the categories of third parties with whom we share your PII. You also have the right to know if we have sold or disclosed your PII. You may also request a copy of the PII we have collected and/or disclosed, and upon request, we will provide this information to you in electronic form.
- You have the right to request information about our sale or disclosure of your PII to third parties for business purposes.
- You have the right to opt out of the sale of your PII to third parties. We use certain PII solely to fulfil our obligations pursuant to Agreements with our Customers, and upon a Customer’s direct instruction to enrich its Customer End User Data with additional PII made available through our Platform. This use is defined as a “sale” under California law. We never provide Customer End-User Data or Platform Usage Data as a source of PII to a third party. If you would like to opt-out of the sale of your information (i.e., not permit your information to be used in connection with our data enrichment practices), please visit https://www.explorium.ai/do-not-sell-my-personal-information/ .
- You have the right to request the deletion of your PII, subject to certain legal exceptions.
- You have the right to not be discriminated against for exercising any of these rights.
If you would like to exercise one or more of the above rights, please contact us using the contact information provided in Section 13. You may also designate an authorized agent, registered with the California Secretary of State, to make such a request on your behalf. The authorized agent must be registered with the California Secretary of State and must have written permission to submit requests on your behalf. Whenever feasible, we will match the provided identifying information to the PII already maintained by us for verification purposes. If we cannot verify the identity of the requester using the information in our possession, however, we may request additional information to verify your identity.
Our Platform is not intended for children, and our Platform is not designed to attract children. We do not knowingly collect, and we do not sell, PII from children. In the event that we learn that we have collected PII from a person under the age of majority in his or her jurisdiction, we will delete all such PII as soon as possible.
- HOW TO CONTACT US
Also, Explorium has appointed an EU Representative, Symmetry Solutions Ltd., based in Ireland, who you may address if you are located in the European Union to ask any questions about our processing of your personal data, including any requests to exercise your rights provided by the General Data Protection Regulation (EU) 2016/679. You can contact our EU Representative by email at: firstname.lastname@example.org , or by post: FAO Explorium EU Rep, Symmetry Solutions Ltd, The Tara Building, 11-15 Tara Street, Dublin 2, D02RY83, Ireland