Effective Date: December 2018
- What information do we collect and process and how do we collect and store it?
- Information you provide
We may collect and store any and all information that you enter through the Services or give to us in any other way. This section of the Policy provides examples of the information that you provide to us. You may visit and browse the Site without submitting personal information about yourself, and you can choose not to provide certain information to us, but then you might not be able to access or use all of the Services.
We collect and process personal information that you provide to us. Personal information is information that directly or indirectly identifies users, such as name, email address and home address. We may also collect user demographic and behavioral information including gender, interests, shopping preferences and history, and the like.
For example, when you log in to the Decision Cloud service or request a demonstration version of the Decision Cloud service, we may collect basic information about you such as your name, username, password, email address, physical address, phone number, date of birth, and other personal and business demographic or contact information.
- Information that is automatically collected
Pixels (a/k/a web beacons, web bugs, scripts). “Pixels” are tiny graphics with a unique identifier that are used to track the online movements of web users. Unlike cookies, which are stored on a computer’s hard drive, pixels are small graphics that are about the size of a period that are embedded invisibly on web pages or in HTML-based emails. We and our third-party service providers may place pixels on the Site that track what other websites you visit (both before and after vising the Site). Our third-party service providers use information obtained from pixels to help us improve our business and the Site.
We may link together different types of usage information or link usage information to personal information. If linked information directly or indirectly identifies an individual person, Element Data treats the linked information as personal information.
- Information licensed for Processing by Companies
We will not comingle, mix or combine customer data licensed to us for processing by companies with other licensed data sources, except during permitted usage and processing as necessary to fulfill contracted services and analysis and will not be retained in a merged or combined state. Companies licensing us to perform processing are required to represent and warrant that they have obtained necessary consent for us to provide processing services.
- Information collected from other sources
We may also collect information through third parties and, where permitted by law, through publicly available sources, in connection with performing activities that you have requested or instructed for the Decision Cloud Services.
Element Data uses several third-party usage analytics tools including Google Analytics and HubSpot. More information about how Google Analytics and HubSpot are used by Element Data can be found here:
You may be able to opt out of Google Analytics tracking by visiting the following link: https://tools.google.com/dlpage/gaoptout/ .
- Why do we collect this information and how do we use it?
The collection of this information allows us to customize your experience with our Site and Services; improve the performance, usability and effectiveness of Element Data’s services; advertise and market our Services; measure the effectiveness of our marketing activities; and generate and analyze statistics about your use of the Services.
Element Data and its service providers use the information we collect to:
- Fulfill your requests and for related services, such as decision-making behaviors, decision- making sentiment, support and training and to provide other services related to your relationship with Element Data;
- Provide you with additional information that may be of interest to you, such news announcements of new features or services;
- Manage our everyday business needs, such as project management updates and service performance and reporting, data transfers, contract management, Site administration, forum management, fulfillment, analytics, security and fraud prevention, corporate governance, reporting and legal compliance, and business continuity;
- Perform our obligations under a contract with you, including pursuant to the General Terms and Conditions;
- To communicate with you and provide you with information; and
- To improve our Site, capability features, product services.
- Do we share or disclose your information?
We may share and disclose your information as described below, and as provided under any applicable General Terms and Conditions.
We may share or disclose your information:
- With vendors or agents working for Element Data. For example, we may share your information with companies we have hired to provide services on our behalf (e.g. providers of management and implementation services). When we share information with these other companies to provide services for us, they are not allowed to use it for any other purpose and must keep it confidential unless you otherwise consent.
- With your organization. If you are using the Services on behalf of an organization (for example, you are administering your employer’s Account), your organization may have the ability to access and control the Account and information you provided (including your name, email address, and IP address).
- With other parties in connection with the Decision Cloud Services. If you or your organization has engaged us to perform Decision Cloud Services, we may disclose information you provide about customer end users to third parties in connection with performing those services. For example, we may disclose information to facilitate consumer transactions. We may also enter information you provide, and we collect into our tools and analyses in order to improve our tools and analyses.
- With others in connection with transfer by us of other business assets.
- As provided in any General Terms and Conditions.
We also may share or disclose information, including the content of your communications:
- To comply with the law or respond to legal process or lawful requests, including from law enforcement and government agencies;
- To conduct investigations of complaints or possible breaches of law, to protect the integrity of the Site, to fulfill your requests, or to cooperate in any legal investigation;
- To act on a good faith belief that access, or disclosure is necessary to protect the safety of our associates, customers or the public.
- Where is your information stored and processed?
Information collected on our Site and Services or received by Element Data from you or third parties, may be stored and processed in the United States where we or our service providers maintain facilities.
- What else do you need to know?
How long do we store your information? We retain and store your personal information only for as long as we have a legitimate business purpose to do so and in accordance with our data retention policies.
Assignment. In the event that all or part of our assets are sold or acquired by another party, or in the event of a merger, you grant us the right to assign the personal information we have collected from you.
How do we safeguard your information? Element Data has and requires its partners to have security policies and procedures in place to help protect personal information from unauthorized loss, misuse, alteration, or destruction. Despite our efforts, however, security cannot be guaranteed against all threats. We seek to limit access to your personal information to those who have a need to know. Those individuals who have access to the data are required to maintain the confidentiality of such information. We recommend that you take additional measures to protect yourself and your information, including by installing up to date anti-virus software, closing browsers after use, keeping confidential your log-in credentials and passwords, and making sure that you regularly update software and apps you have downloaded to ensure you have enabled the latest security features on your devices.
Children. Our Services are not intentionally designed for or directed at children under the age of 13. It is our policy never to knowingly collect or maintain information about anyone under the age of 13, except as part of an engagement to provide Decision Cloud Services. If you are between 13 and 17 years of age, you may use the Service, but you may not submit any personal information. If we become aware that a Site user is under age 18 and has provided personal information, we will take steps to remove his or her personally identifiable information from our files. If you are a parent or guardian and believe Element Data may have inadvertently collected personally identifiable information from your child, please notify Element Data immediately by sending an email to Privacy@elementdata.com.
What are your California Privacy Rights? California law permits residents of California to opt-out of our disclosure of personal information to third parties for their direct marketing purposes. You may choose to opt-out of the sharing of your personal information with third parties for marketing purposes at any time by submitting a request in writing to our contact address above or by e-mailing us at Privacy@elementdata.com. Please note that this opt-out does not prohibit disclosure made for non-marketing purposes. California law also permits residents of California to request and obtain from us once per year, free of charge, a list of the third parties (if any) to whom we have disclosed personal information for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. If you are a California resident and would like to request this information, please submit your request in an e-mail to: Privacy@elementdata.com or by writing to our contact address above. Requests via telephone or facsimile will not be accepted. The e-mail subject line or mailing envelope and the content of your request must include the phrase “Your California Privacy Rights,” and include your name, e-mail address (if you wish to receive a response via e-mail) or street address, city, state, zip code (if you wish to receive a response via postal mail).
California Minors. If you are a California resident who is under age 18 and you are unable to remove publicly-available content that you have submitted to us, you may request removal by contacting us at: Privacy@elementdata.com. When requesting removal, you must be specific about the information you want removed and provide us with specific information, such as the URL for each page where the information was entered, so that we can find it. We are not required to remove any content or information that: (1) federal or state law requires us or a third party to maintain; (2) was not posted by you; (3) is anonymized so that you cannot be identified; (4) you don’t follow our instructions for removing or requesting removal; or (5) you received compensation or other consideration for providing the content or information. Removal of your content or information from the Services does not ensure complete or comprehensive removal of that content or information from our systems or the systems of our service providers. We are not required to delete the content or information posted by you; our obligations under California law are satisfied so long as we anonymize the content or information or render it invisible to other users and the public.
How We Respond to Do-Not-Track Disclosures. We do not support “Do Not Track” browser settings and do not currently participate in any Do Not Track frameworks that would allow us to respond to signals or other mechanisms from you regarding the collection of your personal information.
Access. You may make a request to update or remove personal information that you submitted and we will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and professional standards. To request access to or correction, updating, or removal of your personal information please contact us at: Privacy@elementdata.com
- How can you contact us?
You may contact us using the following information:
Element Data, Inc.
10900 NE 8th St., Suite 1170
Bellevue, Washington 98004
Attention: Data Privacy
Element Data’s EU-US Privacy Shield Principles
Element Data verifies that it adheres to all of the Privacy Shield Principles concerning the transfer of personal data from the European Union (“EU”) to the United States (“U.S.”). As such, we follow the Privacy Shield Principles published by the U.S. Department of Commerce (the “Principles”) with respect to all such data.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Element Data is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission. Consumers unable to resolve a complaint through the Council of Better Business Bureaus Privacy Shield Complaint process may contact the Federal Trade Commission:
Processor on Behalf of Clients
Element Data provides customized computer services designed to help companies manage their customer information more effectively, increase profitability of their marketing and reduce the operational costs of processing customer information. In this capacity, Element Data does not own or control any of the information it processes on behalf of Element Data’s clients. All such information is owned and controlled by Element Data’s clients. In this capacity Element Data receives information transferred from the EU to the United States merely as a processor on behalf of our clients. Element Data does not make any of its client’s data available to any third parties whatsoever. There is no onward transfer of data to third parties.
When Element Data acts as a processor on behalf of its clients, the policies outlined below apply to all data processing operations concerning personal information that has been transferred from the EU to the United States.
Before starting any processing on behalf of Element Data’s clients, Element Data will enter into a processing contract with the EU data controller responsible for the personal information pursuant to the applicable EU Member State Data Protection law. The processing contract ensures that the EU data controller will be in compliance with the Member State Data Protection law.
Any data processed by Element Data will not be further disclosed to third parties except where permitted or required by the processing contract, EU Privacy Shield or the applicable Member State Data Protection law.
Any information Element Data’s client (acting as the EU controller) identifies as sensitive will be treated accordingly.
The processing contract will also specify that the processing will be carried out with appropriate data security measures. Element Data has in place measures to protect personal information from loss, misuse, unauthorized access, disclosure, alteration and destruction.
Element Data adheres to the Principles of the Privacy Shield and is committed to subject all personal data received from the EU to the Privacy Shield Principles. To find out more about participating companies, here is a link to the list maintained by the USDOC: https://www.privacyshield.gov/list/ .
Prior to the transfer of any non-public personal information from the EU to the United States, Element Data requires contractual confirmation from the EU controller from whom Element Data acquired the information that the personal data has been provided to Element Data in accordance with the applicable EU Member State Data Protection law, thereby ensuring the data subjects have been provided with proper notice regarding how their personal data will be used. In addition, when personal data is collected directly from data subjects, Element Data provides the data subject with notice regarding the manner and circumstances in which the personal data will be used and transferred to third parties.
Prior to the transfer of any non-public personal information from the EU to the United States, Element Data requires contractual confirmation from the EU controller from whom Element Data acquired the information that the personal data has been collected in accordance with applicable EU member State Data Protection law, thereby ensuring the data subjects have been provided with the proper choice regarding how their personal data may be used.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to Privacy@elementdata.com.
Accountability for Onward Transfer
Element Data complies with the notice and choice principles as described above for all data disclosed or transferred to a third party. However, when Element Data uses data processors to perform processing tasks on behalf and under the instruction of Element Data, Element Data requires that its data processors:
Enter into a written agreement with Element Data requiring them to provide the same level of protection as Element Data provides including that the data is being transferred for limited and specified purposes; and that the third party adhere to the Privacy Shield Principles.
Element Data’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Element Data remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Element Data proves that it is not responsible for the event giving rise to the damage.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Element Data has in place an information security policy to protect personal information from loss, misuse, unauthorized access, disclosure, alteration and destruction. Element Data’s security officer is responsible for conducting investigations into any alleged computer or network breaches, incidents or problems and ensuring the proper disciplinary action is taken against those who violate Element Data’s information security policy.
Any security compromises or potential security compromises and any inquiries concerning security should be reported to the Element Data consumer advocate. Contact information is provided below under Access.
Data Integrity and Purpose Limitation
Element Data takes reasonable steps to ensure the information transferred from the EU to the United States is reliable, accurate, complete and current. The steps Element Data takes to assure data integrity are based on the purposes for which the personal information is used.
Pursuant to the Privacy Shield Frameworks, EU individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to Privacy@elementdata.com. If requested to remove data, we will respond within a reasonable timeframe.
An individual may request access to the information Element Data maintains in its information products. The individual has the right to learn whether or not data about him or her is found in Element Data’s information products and to correct, amend or delete that information when it is inaccurate. This right applies only to personal information about the individual making the request and is subject to other limitations as defined by law.
Individuals can request access by email Privacy@elementdata.com or writing:
Attention: Privacy Advocate
10900 NE 8th Suite 1100
Bellevue, WA 98004
Element Data’s privacy advocate will explain the process for making an access request. In order to confirm the identity of the individual and have the necessary information to retrieve the individual’s information, Element Data provides a request form which the individual fills out, signs and postal mails to Element Data. Element Data agrees to process all reasonable requests for access within a reasonable time period but reserves the right to deny access or limit access in cases where the burden or cost of providing access would be disproportionate to the risks to the individual’s privacy or in the case of an unwarranted or fraudulent request.
Recourse, Enforcement and Liability
In compliance with the Privacy Shield Principles, Element Data commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union individuals with Privacy Shield inquiries or complaints should first contact Element Data by email at Privacy@elementdata.com or via post at:
Attention: Privacy Advocate
10900 NE 8th Suite 1100
Bellevue, WA 98004
Element Data has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
Individuals who wish to file a complaint or who take issue with Element Data’s EU U.S. Privacy Shield Principles should contact Element Data’s consumer advocate. Element Data’s consumer advocate will explain the process to be followed when filing a complaint. Filing a complaint in English will speed-up the request process.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction