Effective Date: August 17, 2022
When you use your desktop or mobile device to visit our website or use our Services, we may collect certain information about you, including information that can be used to identify you (i.e. “Personal Information” as defined below). We collect this information to enable us to communicate with you and provide you with information about our products and services, to provide and improve the Services, and for the specific purposes described in this Policy. We are committed to using your Personal Information in a fair and transparent way.
This Policy is provided to help you understand, in a clear and transparent manner: (i) the Personal Information we collect, how we collect it, how we use it, and how we may share it; (ii) the applicable rights you have regarding your Personal Information; and (iii) how we protect your privacy and your Personal Information. Personal Information does not include, and this Policy does not apply to, aggregate information or information that has been fully de-identified or anonymized in accordance with applicable law. We value and respect your privacy and your rights related to your privacy, and protecting your Personal Information is important to us. This Policy explains how we handle the collection and use of Personal Information that we obtain and the choices that you can make about how your Personal Information is used by Comply365. “Personal Information” means any information relating to an identified or identifiable natural person or household that can be used directly or indirectly, alone or in combination with other information, to personally identify a natural person, an individual, or household, by reference to a particular identifier such as a first and last name, email address, identification number, location, or a personal profile. In some cases, IP addresses may also be considered Personal Information.
Consent and Modification
We encourage you to review this Policy periodically, as your use of our Services constitutes consent to this Policy. We will periodically update this Policy, and any changes will be reflected here. If the changes are significant, we may provide a more prominent notice, and at our discretion may email you directly with information on the same. If you do not agree with the practices described in this Policy, you should not use our Services or otherwise interact with Comply365.
We regularly review our compliance with this Policy. Please feel free to direct any questions or concerns regarding this Policy or our treatment of Personal Information (including any actions you feel may be inappropriate or unlawful) by contacting us through our Site, or by contacting us by email at firstname.lastname@example.org, or by writing to us at Comply365, LLC, 655 Third Street, Suite 365, Beloit, WI 53511, Attn: Data Privacy. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the handling, processing and transfer of Personal Information that cannot be resolved between you and Comply365.
What Personal Information We Collect and How We Collect It
By Using Our Services. In connection with the Services that we provide, we may collect the following types of Personal Information: first and last name, email address, company, professional title, mailing address, and phone number. In order to use certain of our paid subscription Services, you are required to establish an account (“Account”). Establishing an Account requires only a first and last name along with an email address and a password.
If you are granted access to Comply365’s Services through a corporate account, we do not require any Personal Information other than as set forth herein. If you have any questions or concerns about the ability of any corporate entity to access your Personal Information or furnish your Personal Information to us, you should direct those questions to the administrator of that corporate entity.
By Visiting Our Site. In connection with you visiting our Site, we may collect certain types of Personal Information. Please note that while some select educational materials on our Site may require that you provide limited Personal Information, an Account is not required, nor do we require that you provide any Personal Information, in order to access the general information on our Site. If you provide any additional Personal Information beyond what we require, such as in your communications with us, doing so is entirely your choice. We will retain the Personal Information that you choose to provide in those instances in compliance with this Policy.
We also collect certain data about you automatically when you visit our Site or use our Services, which data may be considered Personal Information. This data may include your IP address, the time and date of your visit, your location, the pages and other content that you access, and the number of times you return to the Site. Collection may be performed either by Comply365’s own software and tools or through our integrations with technology provided by third parties. We collect this information by using technologies such as:
Log Files: A log file is a text file which resides on our servers, and which records pertinent information about your interactions with our Services at the time of access. Log file data is used primarily for diagnostic and auditing purposes.
We may also use other technologies that collect similar information for security and fraud detection purposes.
How We Use Personal Information
We use Personal Information primarily to provide our Services in manners including, but not limited to, responding to inquiries, providing customer service, and sending administrative information. We may use Personal Information to contact you, now or in the future, to tell you about our events, new service offerings, promotions, opportunities, or other general information about Comply365 or our Services that we think you might be interested in.
We also use the Personal Information we collect to improve our Site. We review information to learn about how our Site is used and accessed, and to analyze user behavior as a measure of interest in and use of our Site. We may disclose such analyses to third parties in the form of aggregate data, such as overall patterns or demographic reports that do not describe or identify any individual user. We may also use certain subsets of the same information to investigate and prosecute potential breaches of Comply365 license agreements and security policies. We may share pertinent Personal Information with our contractors, vendors, and other affiliates and partners for the authorized purposes of processing data for marketing, research, analytics, customer support and account management.
If you provide any information, whether or not it is Personal Information, via any interactive features of the Services, or through any social media platform that Comply365 links to, you should be aware that the information you provide could be available to others, whether immediately or at some future point. If you contact us by email, please be aware that we have no control over the security of the public network through which your email transits before we receive it. When caused by errors, by the unauthorized acts of third parties during transmission, or by interaction with a website other than Comply365’s, we have no liability for disclosure of any information.
Though it is not often necessary, we reserve the right to disclose Personal Information to third parties to protect the rights, property, or safety of Comply365, our employees, or others.
The use of personal information for customers of Comply365 is governed in accordance with the purposes stated within the MSA and the terms of the associated DPA.
Other Disclosures of Personal Information
We do not sell, trade, share, or rent your Personal Information to unaffiliated third parties.
We will not disclose your Personal Information to any third party except as necessary for a legitimate use as described in this Policy, in connection with a bona fide legal dispute (where the information is relevant and in response to a valid, compulsory legal process), or as otherwise required by law.
The use of sub-processors of personal information for customers of Comply365 is governed in accordance with the terms of the associated DPA. Comply365 holds these sub-processors to similar standards of data protection as they apply to us through a written contract that specifies the purposes of use and the third-party’s security and privacy obligations.
Your Choices & Accuracy of Your Personal Information
You always have the choice whether or not to provide Personal Information to Comply365. As indicated above, some of our Services require that you register an Account but doing so is at your discretion. If you choose not to provide required Personal Information, you can still use any portion of our Services that do not require Personal Information.
If you do provide us with Personal Information, we want to make sure it remains accurate and up to date. If you have an Account, you can use the tools that we make available therein to modify or remove certain information related to your Account. If you otherwise need to correct or update any part(s) of your Personal Information, you can submit a change request directly to Comply365 by emailing us at email@example.com. Please be sure to include sufficient details to allow us to make the necessary changes.
Third Party Websites
Comply365 maintains an ISO-27001 Information Security Management System certification at an enterprise level, and otherwise uses commercially reasonable security and backup measures to protect the information submitted to us. No method of transmission over the Internet or method of electronic storage and security is 100% secure, though. While we always strive to protect your Personal Information, we cannot guarantee its absolute security. We encourage all our users to retain copies of all uploaded information on their own systems, to adhere to all corporate security policies or guidelines pertinent to your situation, and to practice personal habits of digital security.
The Services are not directed to children under the age of 18 and we do not knowingly collect any Personal Information from children under the age of 18 without parental consent. If we learn that a child under the age of 18 has provided us with Personal Information, or that such Personal Information has otherwise been inadvertently collected, we will delete it in accordance with applicable law.
California residents have additional rights regarding the privacy and disclosure of Personal Information, including, but not limited to a right to request that Comply365 not sell their Personal Information, right to request deletion of personal information, subject to certain exceptions, as well as a right to be informed about our other uses and disclosures of their Personal Information, such as for direct marketing purposes.
Comply365 does not sell your Personal Information, and we use and disclose Personal Information solely in accordance with this Policy. If you are a California resident and would like additional information about our use of your Personal Information, please contact us as indicated below.
Under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) California residents (referred to as “consumers” under these laws) have the following rights regarding their Personal Information:
Right to Know and Right to Deletion. You have the right to request: (i) information about our collection, use, sharing or disclosing of your Personal Information; and (ii) to access the specific Personal Information we may collect or process about you. You can also request that your Personal Information be deleted. You may make such a request by emailing us at firstname.lastname@example.org. Prior to completing your request, we may verify your request and your identity (based upon the information you provided). Your request must include your full name, email, where you live (city and state) and the basis for your request (what you want us to do in relation to your Personal Information). Comply365 is only required to respond to such verifiable requests twice per person each year.
You may also designate an authorized agent to make such a request on your behalf, by providing us with a signed, notarized letter appointing your agent, and the specific purpose of the authorization. If you are such an authorized agent, you must provide us with the information described above regarding the California resident (or consumer under the CCPA and CPRA) on whose behalf you are acting; and your complete name, email, and letter signed by the California resident authorizing you to act on their behalf.
Right to Opt-Out of the Sale of Personal Information. You have the right to opt-out of any “sale” (as defined under the CCPA) of Personal Information; we do not “sell” your Personal Information as defined under the CCPA/CPRA.
Right to Non-Discrimination. You also have the right not to be discriminated against (or receive any discriminatory treatment) due to your exercising any of these CCPA/CPRA rights.
We provide our contact information below.
California Do Not Track Notice
California law requires websites to disclose whether they and/or any third party(s) collect Personal Information about their users’ online activities over time and across different sites. California law also requires that we disclose how we respond to “do not track” signals and similar mechanisms.
We do not track you over time or across third-party websites. As such, we do not respond to “do not track” signals. If you would like to learn more about browser tracking signals and “do not track” generally, please visit https://allaboutdnt.org.
If you are a Nevada resident, you may ask us to add you to our opt-out list for possible future sales of certain information that we have collected or will collect about you. To submit such a request, please contact us as indicated below.
Privacy in Colorado, Virginia, Vermont
If you are a resident of Colorado, Virginia, or Vermont, you may also have additional rights regarding your Personal Information; these data privacy laws essentially go into effect in 2023. Please feel free to contact us regarding these laws, and check-back with us in the future, as we will update this Policy in the future as these laws become effective.
E.U. Resident Privacy
Comply365 complies with the provisions of the European Union’s General Data Protection Regulation (“GDPR”) as to the Personal Information in its possession of E.U.-based persons (“data subjects”). We only process Personal Information on data subjects where we have a lawful basis to do so, which may include the consent of the person (as in the case of Site visitors who provide their information), compliance with a legal obligation, or the legitimate interest of the controller or a third party. We will provide notice to all data subjects as required by GDPR Article 13 or 14, as appropriate, and honor the rights of data subjects provided for in Articles 12-23, including the right to be forgotten. We also enter into and maintain Data Protection Addendums pursuant to GDPR Article 28 when and where required. If your Personal Information is subject to any such Data Protection Addendum(s), we will treat it at all times in accordance with our obligations under the applicable Data Protection Addendum.
U.K. Resident Privacy
Comply365 complies with the provisions of the United Kingdom’s newly adopted version of the General Data Protection Regulation (the “UK-GDPR”) as to the Personal Information in its possession of U.K.-based persons (“data subjects” under the UK-GDPR). We only process Personal Information on data subjects where we have a lawful basis to do so, which may include the consent of the person (as in the case of Site visitors who provide their information), compliance with a legal obligation, or the legitimate interest of the controller or a third party. We will provide notice to all data subjects as required by UK-GDPR Article 13 or 14, as appropriate, and honor the rights of data subjects provided for in Articles 12-23, including the right to be forgotten. We also enter into and maintain Data Protection Addendums pursuant to UK-GDPR Article 28 when and where required. If your Personal Information is subject to any such Data Protection Addendum(s), we will treat it at all times in accordance with our obligations under the applicable Data Protection Addendum.
Consent to Transfer
Comply365 is operated in the United States. If you are outside of the United States, please be aware that any information we collect will be transferred to and processed in the United States. By using our Services, or otherwise providing us with Personal Information, you understand and consent to this transfer, processing, and storage of your information in the United States, a jurisdiction in which the privacy laws may not be as comprehensive as, or conflict with, those in the country where you reside and/or are a citizen. You may withdraw your consent at any time by contacting us as described below.
Exercising Your Rights; Questions or Comments
If you wish to exercise your rights regarding our processing of your Personal Information, or if you have any questions or comments about this Policy, the practices, or use of the Site, please feel free to contact us by email at email@example.com, or by mail at the following address: Comply365, LLC, 655 Third Street, Suite 365, Beloit, WI 53511, Attn: Data Privacy. To report any unethical actions in connection with this Policy, please contact us by email at firstname.lastname@example.org.