Kantata Privacy Policy

Effective Date: June 25, 2020

This Privacy Policy describes the privacy practices that Kantata, Inc. (“Kantata” or “us” or “we”) follows when collecting and using information about you from our website (located at www.kantata.com) and the Kantata software as a service platform (located at app.mavenlink.com) including the optional M-Bridge add-on an all other products and services offered by Kantata through its software as a service platform (collectively, “Site”).

This Privacy Policy complies with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this Privacy Policy.

We ask that you please read this Privacy Policy before using the Site. It describes what information we gather from you and others who visit or use the Site, how we use that information and what we do to protect it. When you access or use the Site, certain information, including your personal information may be collected, transferred, processed, stored and in certain circumstances, disclosed as described in this Privacy Policy.

BY CREATING AN ACCOUNT ON OUR SITE OR OTHERWISE PROVIDING US WITH YOUR OR OTHER’S PERSONAL INFORMATION, YOU EXPRESSLY CONSENT TO THESE INFORMATION HANDLING PRACTICES AND YOU ACKNOWLEDGE AND CONFIRM THAT YOU HAVE PERMISSION TO PROVIDE US WITH ALL PERSONAL INFORMATION PROVIDED.

Capitalized terms used but not defined in this Privacy Policy have the definitions provided in our Terms of Use (located at www.kantata.com/terms-of-use). Provisions within the Terms of Service may affect this Privacy Policy with respect to your use of the Site so please review the Terms of Service prior to using the Site.

IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY OR OUR TERMS OF SERVICE, PLEASE DO NOT USE OR REGISTER FOR AN ACCOUNT ON THE SITE.

Please be aware that the services and systems for the Site are housed on servers in the United States and the information we collect (including through Cookies as defined below) is processed and stored in the United States, which, if you are not a United States resident, may not offer the same level of privacy protection as the country where you reside or are a citizen. BY USING THE SITE AND PROVIDING INFORMATION TO US, YOU CONSENT TO THE TRANSFER TO AND PROCESSING OF THE INFORMATION YOU PROVIDE IN THE UNITED STATES.

You may choose to provide us with another person's email address so that person may be invited to create an account on the Site. We use this information to contact and, if necessary, remind that person about the invitation. By providing us with another person's email address or any other information about another person, you represent to us that you have obtained that person’s consent to disclose their personal information to us.

TABLE OF CONTENTS

1 THE INFORMATION WE COLLECT.

We collect data to provide the services you request on the Site, ease your navigation on the Site, communicate with you and improve your experience using the Site. Some of this information is provided by you directly, such as when you create an account or when you provide us with other users’ information. Some of the information is collected through your interactions with the Site. We collect such data using technologies like Cookies and other tracking technologies, error reports and usage data collected when you interact with our Site.

The data we collect depends on the services and features of the Site that you use and includes the following:

1.1 Personal Information.

When you visit our website at www.kantata.com without creating an account, you can browse without submitting personal information about yourself. In general, we collect personal information that you submit to us in the process of creating or editing your account and user profile on the Site or that you submit to us voluntarily through your use of the Site. Information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device is “personal information.” In particular, the Site has collected the following categories of personal information from users in the last twelve months. We obtain these categories of personal information with the methods described in more detail below.

CategoryExamplesCollected
A. Identifiers.A real name, alias, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).A name, education, employment, employment history. Some personal information included in this category may overlap with other categories.YES
C. Protected classification characteristics under California or federal law.Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).NO
D. Commercial information.Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.NO
E. Biometric information.Genetic, physiological, behavioral and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns and sleep, health, or exercise data.NO
F. Internet or other similar network activity.Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.NO
G. Geolocation data.Physical location or movements.NO
H. Sensory data.Optional photographs for profile pictures and any applicable content uploaded by you and other users. YES
I. Professional or employment-related information.Employment information, such as role, position and skill level.YES
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.NO
K. Inferences drawn from other personal information.Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.NO

In addition to the categories of personal information identified above, if you submit additional personal information to us voluntarily through your use of the Site, we will collect it consistent with the practices described in this Privacy Policy.

Personal information does not include:

  • • Publicly available information from government records.
  • • De-identified or aggregated consumer information.
  • - Information excluded from the CCPA’s scope, including, without limitation: health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; and
  • - Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA) and the Driver’s Privacy Protection Act of 1994.
1.2 Usage and Device Information.

Similar to other websites, we use tracking technologies to automatically collect certain technical information from your web browser, mobile, or other device when you visit our Site. This data may include, without limitation, your IP address, browser type and language, referring/exit pages and URLs, other browser history, platform type, number of clicks, landing pages, the pages you requested and viewed, the amount of time spent on particular pages and the date and time of your visits. Our collection of this data, described in more detail below, allows us to provide more personalized services to you and to track usage of the Site.

1.3 Cookies.

We automatically derive and collect certain data based on your interactions with the Site using cookies and similar technologies (collectively, “Cookies”). Our collection of data through Cookies includes information about your browser and usage patterns, which may include your IP address, browser type, browser language, referring/exit pages and URLs, pages viewed, links clicked, whether you opened an email and information about the device you use to access the Site. Our collection of this information allows us to improve your user experience in various ways, such as to personalize our display of the Site to you, to “remember” whether or not you are signed in and to provide better technical support to you.

Please note: If you restrict, disable or block any or all Cookies from your web browser, mobile, or other device, the Site may not operate properly and you may not have access to services on the Site. We shall not be liable for any impossibility to use the Site or degraded functioning thereof, where such are caused by your settings and choices regarding Cookies.

1.4 Pixels (aka web beacons/web bugs/java script).

We may use Pixels to automatically record certain technical information about your interactions when you visit the Site or otherwise engage with us, to help deliver Cookies on our Site, or count users who have visited the Site. We may also include web beacons in our promotional e-mail messages or newsletters to determine whether you open or act on them for statistical purposes. Pixels are tiny graphics (about the size of a period at the end of a sentence) with unique identifiers used to track certain online actions, movements and related information of Site users. Unlike Cookies, which are stored on a user's computer hard drive, Pixels are embedded invisibly on web pages or in HTML-based emails. The data we receive through Pixels allows us to effectively promote the Site to various populations of users and to optimize external ads about the Site that appear on third-party websites.

1.5 Third Party Analytics Providers.

We also collect information about Site usage and users with third-party analytics providers like Google Analytics and other third party analytics providers (“Analytics Providers”). These and other Analytics Providers use Cookies in order to collect demographic and interest-level information and usage information from users that visit the Site, including information about the pages where users enter and exit the Site and what pages users view on the Site, time spent, browser, operating system and IP address. Cookies allow Analytics Providers to recognize a user when a user visits the Site and when the user visits other websites. Analytics Providers use the information they collect from the Site and other websites to share with us and other website operators information about users including age range, gender, geographic regions, general interests and details about devices used to visit the Site and other websites and purchase items. We do not link information we receive from Analytics Providers with any of your personal information. We use Google Analytics on the Site to collect and track non-personally identifiable information about Site visitors and users. For more information regarding Google’s use of Cookies and collection and use of information, see the Google Privacy Policy (available at https://policies.google.com/privacy?hl=en). If you would like to opt out of Google Analytics tracking, please visit the Google Analytics Opt-out Browser Add-on (available at https://tools.google.com/dlpage/gaoptout).

1.6 Location Information.

We do not collect precise geolocation data from you or your device, but may collect and use information about your general location (such as if you provide us with any information on your state or country of residence) or infer your approximate location based on your IP address in order to track our general Site usage or to tailor any pertinent aspects of your user experience to the region where you are located.

1.7 User Contributions.

You also may provide information to be published or displayed (hereinafter, “posted”) on public areas of the Site or transmitted to other users of the Site or third parties, including, for example, third party websites and services that are integrated into or linked to the Site (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. We cannot control the actions of other users of the Site or third parties with whom you may choose to share your User Contributions. Such third parties may have their own policies and terms that apply to your User Contributions and we are not responsible for any third party’s policies or terms. We cannot and do not guarantee that unauthorized persons will not view your User Contributions.

2 HOW WE USE YOUR INFORMATION.

2.1 General.

We may use your personal information for the purpose of providing you with our services through the Site; communicating with you about the Site; to operate, manage, improve, develop and conduct analyses relating to the Site; to prevent fraud or abuse; to address technical and security issues; to otherwise protect users; and to improve the Site.

We may use or disclose to third parties the personal information we collect for one or more of the following business purposes:

  • • To fulfill or meet the reason you provided the information (e.g., to help provide our Site services to you).
  • • To personalize and develop our Site and the services we provide you through the Site and improve our offerings.
  • • To provide certain features or functionality of the services on the Site.
  • • For marketing and promotions.
  • • To create, maintain, customize and secure your account with us.
  • • To provide you with support, to communicate with you and respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
  • • To personalize your experience and to deliver content and product and services relevant to your interests.
  • • To help maintain the safety, security and integrity of our Site, services, databases and other technology assets and business.
  • • For testing, research, analysis and product development, including to develop and improve our Site and services.
  • • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • • To prevent illegal activity, fraud and abuse.
  • • As described to you when collecting your personal information or as otherwise set forth in the CCPA.
  • • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by the Company about our users is among the assets transferred or liquidated.
2.2 Account-Related Emails.

When you create an account with us and provide us with your email, we may, subject to applicable law, use your email address to send you updates and news and contact you on behalf of other users (such as notification alerts from project or network activity). For example, when you register, you will receive a welcome email. If our services are temporarily unavailable, we may also send you an email notice.

Email communications you receive from us will generally provide an unsubscribe link allowing you to opt out of receiving future email or to change your contact preferences. If you have an account with us, you can also change your contact preferences by updating your contact information within your account settings. Please remember that even if you opt out of receiving marketing e-mails, we may still send you important service information related to your accounts and the Services.

2.3 Advertising.

We do not use your personal information to display any targeted advertising on the Site.

2.4 Non-Personally Identifiable Information.

We may use non-personally identifiable information, such as anonymized and/or aggregated website usage data, in any manner that does not identify individual users for the purpose of improving the operation and management of the Site, including to develop new features, functionality and services, to conduct internal research, to better understand our Site usage patterns, to resolve disputes, to troubleshoot problems, to fulfill user requests, or for security and compliance purposes. Any non-personally identifiable information that is combined with personal information will be treated by us as personal information.

3 OUR INFORMATION SHARING PRACTICES.

We will not sell or rent your personal information to third parties. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to keep that personal information confidential and use only for performance of the contract and not for any other purpose. We share your information, including any personal information, in the circumstances described below.

3.1 Disclosures of Personal Information in the Last Twelve Months

In the preceding twelve months, we have disclosed your personal information to:

  • • An affiliated person or third-party service providers assisting us in the operation, management, improvement, research and analysis of the Site. Affiliated persons or our third party service providers may augment, extend and combine non-personally identifiable information with data from additional third party sources in order to assist us with the above. Use of information by affiliated persons and third party service providers will be subject to this Privacy Policy or an agreement that is at least as restrictive as this Privacy Policy; and
  • • Analytics Providers.

In the preceding twelve months, we have not sold personal information. Under the CCPA, the sale of personal information means “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.” (Cal. Civ. Code § 1798.140(t)(1)). In the event that we do sell any personal information, we will update this Privacy Policy to list the categories of consumers’ personal information sold and we will address the sale of such personal information in accordance with the policies set forth below.

3.2 Legal Requirements.

We reserve the right to disclose all information collected via the Site, internally or to third parties, for any lawful purpose or to prevent harm to us or others. For example and without limitation, in our discretion we may disclose information to government regulators, law enforcement authorities or alleged victims of identity theft. We will notify you in the event of a government or legal request for your information.

3.3 Organizational Transitions.

If we should ever transfer or restructure the operational ownership of the Site, such as through a merger with another entity or a reorganization of all or a part of our operational responsibilities or assets, we may disclose, transfer, assign our rights and/or delegate our duties to your information without notice and consent, including to prospective or actual recipient or acquiring entities. Should this occur, we will require any third party receiving your personal information as described under this subsection to be contractually required to provide the same level of privacy compliance as provided by us under this Privacy Policy.

3.4 Disclaimer.

We cannot ensure that all of your personal information will be disclosed only in the ways described in this Privacy Policy. For example, we may be required to disclose personal information to the government or third parties under certain circumstances, third parties may unlawfully intercept or access transmissions or private communications, or users may abuse or misuse your personal information that they collect from the Site. Even with the most rigorous information security standards, no transmission of data over the internet can be 100% secure.

4 YOUR CHOICE AND OPTIONS RELATING TO OUR COLLECTION

You can choose not to provide personal information. You may always decline to provide your personal information to us. If you choose not to provide certain personal information to us, some of your experiences may be affected (e.g., we cannot provide you with our services if you do not register for an account on the Site).

4.1 You May Decline Other Requests.

We use your personal information as needed for the purposes for which it was collected or where you have consented to our use of such information. If you do not wish to provide information to us or do not wish to consent to the uses described in this Privacy Policy, please do not use the Site or supply the requested information to us.

4.2 Managing Your Information or Deleting Your Account.

You may access, update or delete your account at any time by signing in to the Site and clicking on your account settings page. Any deletion of your account will not affect any contract we have with your employer or other party that has purchased a subscription to our software as a service platform.

4.3 Right to Access Specific Information and Data Portability Right.

You have the right under the CCPA to request that we disclose certain information to you about our collection and use of your personal information over the past twelve months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • • The categories of personal information we collected about you.
  • • The categories of sources for the personal information we collected about you.
  • • Our business or commercial purpose for collecting or selling that personal information.
  • • The categories of third parties with whom we share that personal information.
  • • The specific pieces of personal information we collected about you (also called a data portability request).
  • • If we disclosed your personal information for a business purpose, the business purpose for which personal information was disclosed and the personal information categories that each category of recipient obtained.
  • • If applicable, (1) the categories of personal information we have sold; (2) the categories of personal information that we sold about the consumer and the categories of third parties to whom the personal information was sold, by category or categories of personal information for each category of third parties to whom the personal information was sold.
4.4 Right to Delete.

You have the right under the CCPA to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) or vendor(s) to:

  • • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • • Debug products to identify and repair errors that impair existing intended functionality.
  • • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • • Comply with a legal obligation or legal order.
  • • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
4.5 Right to Opt-Out.

If you are 16 years of age or older, you have the right under the CCPA to direct us not to sell your personal information at any time (the “right to opt-out”). We do not sell the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sales my opt-out of future sales at any time.

To exercise the right to opt-out or right to opt-in, you (or your authorized representative) may submit a request to us by sending us an e-mail at privacy@kantata.com. Once you make an opt-out request, we will wait at least twelve months before asking you to reauthorize personal information sales. However, you may change your mind and opt back in to personal information sales at any time by sending us an e-mail at privacy@kantata.com. We will only use personal information provided in an opt-out request to review and comply with the request.

4.6 Exercising Your Rights.

To exercise the access, data portability and deletion rights described above, please submit a verifiable consumer request to us by:

Calling us at 800-860-9544

Visiting www.kantata.com/security-and-compliance

Sending us an e-mail at privacy@kantata.com

Submitting your request here: https://preferences.mavenlink.com/privacy

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make such a request for access or data portability twice within a twelve--month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative and describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

We endeavor to respond to a verifiable consumer request within forty-five days of its receipt. If we require more time (up to ninety days), we will inform you of the reason and extension period in writing. We will deliver our written response electronically. Any disclosures we provide will only cover the twelve-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

4.7 Non-Discrimination.

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • • Deny you goods or services.
  • • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • • Provide you a different level or quality of goods or services.
  • • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.

4.8 Online Tracking Choices.

Most web browsers are initially set up to accept Cookies, but you can reset your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, some features and services in the Site (particularly those that require sign-in) may not function properly if your Cookies are disabled. Similarly, if you choose to delete session objects from the Site, you may not be able to access and use all or part of the Site or benefit from some or all of the information or features and services offered.

Some web browsers incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have the user’s online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about that browser’s user. Not all browsers offer a DNT option and DNT signals are not yet uniform.

4.9 Location Information.

You may be able to change the settings on your computer, web browser, or mobile device to prevent it from providing us with any location data, such as your IP address from which we may infer your general location.

5 ACCESSING AND UPDATING YOUR PERSONAL INFORMATION

We do not review for accuracy or update your information regularly, but encourage you to access, review and update your personal information at any time. To request a copy of your personal information and data or for assistance regarding canceling your account, or deleting your personal information, contact us at: privacy@kantata.com or go to www.kantata.com/security-and-compliance. We will respond to your request as soon as reasonably possible after verifying your authority to make such requests. Your requests for personal information deletion are subject to Section 4 of this Privacy Policy above and we will delete your personal information within a reasonable time.

6 SAFETY AND INFORMATION SECURITY MEASURES.

6.1 Security.

We use certain physical, managerial and technical safeguards designed to preserve the security of your information that we maintain in connection with your use of the Site. For example, we encrypt all data with AES-256 / SHA-256 and for password encryption we use secure sockets layer (SSL) and bcrypt, or similar technologies. This, however, does not guarantee that your information may not be accessed, disclosed, altered, or destroyed by any breach of our physical, technical or managerial safeguards. In the event that any of your personal information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and will notify you, as appropriate, in accordance with pertinent laws and regulations.

6.2 Storage.

We or our third party hosting providers store personal information in operating environments that are safeguarded against public or unauthorized access and protected from internal access with physical and technical security measures. While these measures are helpful to safeguard your personal information after we receive it, no transmission of data over the internet is 100% secure.

7 EXTERNAL LINKS.

The Site contains links to third party websites and services, including other software as a service services. We are not responsible for any of the content or features or functionality of other linked websites or services. We are also not responsible for the privacy practices and the terms and conditions of use for any external websites or services. The linked websites and services may collect personal information from you that is not subject to our control. The data collection practices of linked third party websites and services will be governed by that third party’s privacy policy and terms of use.

If you choose to leverage 3rd-party service for authentication you consent to share your information, including personal information, to the company providing the non-Kantata service. We do not provide personal information to third parties. Non-Kantata services are subject to the applicable terms and privacy statement of the company providing the service.

8 THE GENERAL DATA PROTECTION REGULATION (“GDPR”)

Residents of the European Economic Area (“EEA”) may be entitled to rights under the GDPR. If you qualify, these rights are summarized below.

If you request to exercise your rights under the GDPR, we may require verification of your identity before we respond to any such request. If you are entitled to these rights, you may exercise your rights with respect to the personal information that we collect and store:

  • • the right to withdraw consent to data processing at any time;
  • • the right of access to your personal information;
  • • the right to request a copy of your personal information;
  • • the right to correct any inaccuracies in t your personal information;
  • • the right to erase your personal information;
  • • the right to data portability, meaning to request a transfer of your personal information from us to any other person or entity as chosen by you;
  • • the right to request restriction of the processing of your personal information; and
  • • the right to object to processing of your personal information.

You may exercise these rights free of charge. These rights will be exercisable subject to limitations as provided for by the GDPR. Any requests to exercise the above-listed rights may be made to: privacy@kantata.com. If you are an EEA resident, you have the right to lodge a complaint with a Data Protection Authority about how we process your personal information at the following website: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

How Long We Hold Your Personal Data

We retain Personal Data we collect from you where we have an ongoing legitimate business need to do so (for example, for as long as your account is active or as needed to provide you Services you have requested or to comply with applicable legal, tax or accounting requirements). This may also include situations where litigation is pending or ongoing and such information is subject to a legal hold.

When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymise it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible. Where we rely on your consent you have the right to withdraw it at any time in the manner indicated when you consent.

9 INTERNATIONAL DATA TRANSFER AND PERSONAL INFORMATION

If you provide us your personal information, we may transfer, process, use, or store this information in any country where we have operations, including the United States and countries outside of the United States and the EEA. We may transfer your personal information to a country other than the country where it was collected for processing consistent with this Privacy Policy. Do not provide your personal information to us if you do not consent to that information being transferred outside of the United States or the EEA. Your personal information may be transferred to a country where privacy laws may not be as protective as in your place of residence. If we transfer your personal information out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • • European Commission Standard Contractual Clauses: We may use specific contracts approved by the European Commission which give personal information the same protection it has in the EEA.

For additional information on the mechanisms used to protect your personal information, please contact us via e-mail at privacy@kantata.com.

10 CALIFORNIA SHINE THE LIGHT LAW.

California Civil Code Section 1798.83 permits users who are California residents to obtain from us once a year, free of charge, a list of third parties to whom we have disclosed personal information (if any) for direct marketing purposes in the preceding calendar year. If you are a California resident and you wish to make such a request, please send an e-mail with “California Privacy Rights” in the subject line to privacy@kantata.com.

11 CALIFORNIA MINORS.

While the Site is not intended for anyone under the age of 18, if you are a California resident who is under age 18 and you are unable to remove publicly-available content that you have submitted to us, you may request removal by contacting us at: privacy@kantata.com. If you receive a request from an end user who is a California resident under the age of 18 to remove the end user’s content that you provided to us, you may request that we also remove such content by contacting us at: privacy@kantata.com. When requesting removal, you must specify the information you want removed and provide us with specific information, such as the URL for each page where the information was entered, so that we can find it. We are not required to remove any content or information that: (1) federal or state law requires us or a third party to maintain; (2) was not posted by you; (3) is anonymized so that you or the end user, if applicable, cannot be identified; (4) you do not follow our instructions for removing or requesting removal; or (5) you received compensation or other consideration for providing the content or information. Removal of your information or end user information from the Site or services does not ensure complete or comprehensive removal of that information from our systems or the systems of our service providers. We are not required to delete information posted by you; our obligations under California law are satisfied so long as we anonymize the information or render it invisible to other users and the public.

12 CHANGES TO THIS PRIVACY POLICY.

Because our privacy practices and privacy law necessarily evolve over time, we reserve the right to revise this Privacy Policy from time to time in our sole discretion, upon notice to you such as by posting updated Privacy Policy on the Site, sending you an email to your account email, or by any other reasonable means. You should periodically review this Privacy Policy to ensure that you are familiar with the most current version. Your continued use of the Site after the Effective Date posted above will constitute your acceptance of the updated Privacy Policy.

13 CONTACT INFORMATION

If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your information described in this Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Phone: 800-860-9544

Website: www.kantata.com/security-and-compliance

E-mail: privacy@kantata.com

Postal Address:
Kantata
424 9th Street
San Francisco, CA 94103
ATTN: Legal