This is the Privacy Notice of ControlCase Inc. as well as our global subsidiaries, (“ControlCase”), whose corporate headquarters is located at 12015 Lee Jackson Highway, Suite 520, Fairfax, VA 22033, USA.
1. IMPORTANT NOTICE
ControlCase operates mainly in the business-to-business (B2B) software and services industry. Unlike many companies and Web sites, we do not focus on consumer users or the collection of consumer data. To the extent we collect information on-line, our purpose is to better serve our business clients and their employees.
ControlCase creates software and services that are designed to enable customers to meet their compliance goals in timely, transparent, and efficient manner.
ControlCase respects your privacy. This Privacy Notice sets out how ControlCase collects and processes your personal data when you access and use our Services, including the site www.controlcase.com (“Site”). This Privacy Notice also provides certain information that is legally required and lists certain of your rights in relation to your personal data under applicable law.
Certain sections of this Privacy Notice may apply only to residents of the U.S. (“U.S. Only”), while other sections apply only to residents outside of the U.S. (“Outside the U.S.”). We identify those sections accordingly. Sections not otherwise designated or not otherwise superseded by a country-specific statement apply globally.
We may amend this Privacy Notice from time to time. We encourage you to check our Privacy Notice regularly to understand how we may process your Personal Data.
2. INFORMATION ABOUT PERSONAL DATA PROCESSING
2.1. Personal Data
2.2. How We Collect Personal Data
- When you register for an account or interact with or utilize our Products or Services.
We collect Personal Data when you use or interact with our Site and Services, including when you register with us, browse our products online, or make purchases from us. This Personal Data may include name, address, phone number, username and password, email address, location data, and payment information.
- E-Mail Lists
ControlCase maintains e-mail lists to keep interested parties informed about our company, events, products, support, and more. We do not sell the addresses on our list, but we may make information available to specific business partners, sponsors, or service providers. Users may voluntarily request to join our mailing lists by signing up or opting in through a form on our Web site. To be removed from a ControlCase e-mail list, follow the “SafeUnsubscribe™” instructions on e-mails from ControlCase.
- When you communicate with us or sign up for promotional materials.
We collect Personal Data when you communicate with us or sign up to receive promotional materials or information, including email address and phone number.
- When we collect data from third parties or publicly-available sources.
We may obtain certain data about you from third-party sources to help us provide and improve the Services and for marketing and advertising. We may combine your Personal Data with data we obtain from our Services, other users, or third parties to enhance your experience and improve the Services.
- When we leverage and/or collect cookies, device IDs, Location, data from the environment, and other tracking technologies.
- Users Under 18 Years of Age
We do not knowingly collect Personal Data online from individuals under 18 years without parental consent. If you become aware that an individual under 18 years of age has provided us with Personal Data without parental consent, please contact us at privacy@ControlCase.com . If we become aware that an individual under 18 has provided us with Personal Data without parental consent, we will take steps to remove the data as permitted by law.
2.3. How We Disclose Personal Data
We may disclose your Personal Data as described in this Privacy Notice, including:
- To Affiliates and Partners.
With companies or ventures that are owned or controlled by ControlCase and internally within ControlCase in order to provide and improve Services, for marketing purposes, for advertising, and for analytics.
- To Service Providers and Vendors.
With business partners, marketing partners, and vendors to provide, improve, and personalize the Services.
- For Advertising and Marketing.
With advertising and marketing partners for advertising and marketing purposes on ControlCase’s behalf and on behalf of third parties.
- For Certain Analytics and Improvement.
With certain companies for purposes of analytics and improvement of the Services.
- For Interest-Based Advertising.
With companies involved in interest-based advertising. This advertising consists of ControlCase [and third-party ads] that are personalized and displayed on our sites and through other channels. For more information on how data is disclosed for advertising see Advertising and Analytics section of this Privacy Notice.
- For Legal Compliance, Law Enforcement, and Public Safety Purposes
- Actual or Contemplated Sale, Acquisition, or Reorganization.
In connection with a contemplated reorganization or an actual reorganization of our business, in connection with financing, a sale, acquisition or other transaction involving the disposal of all or part of our business or assets, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction.
3. LEGAL BASIS FOR PROCESSING
We collect and process your personal data for a variety of different purposes which are set out in further detail below.
In some cases, we will ask for your consent so that we may process your Personal Data. However, in certain circumstances, applicable data protection laws allow us to process your Personal Data without needing to obtain your consent. In the U.S., you typically provide consent when you receive notice of this Privacy Notice. This section addresses the legal basis for processing your Personal Data if you reside outside the U.S.
3.1. Processing Personal Data Where Consent Not Obtained
In certain cases, separate consent is not required, including:
- For the performance of a contract.
To perform our contractual obligations to you, including our fulfilling orders or purchases you have made, contacting you in relation to any issues with your order or use of the Services, in relation to the provision of the Services, or where we need to provide your Personal Data to our service providers related to the provision of the Services.
- To comply with legal obligations.
To comply with laws, regulators, court orders, or other legal obligations, or pursuant to legal process.
- Legitimate Interests.
To operate our business and provide the Services, other than in performing our contractual obligations to you for ControlCase’s “legitimate interests” for the purposes of applicable law, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Legitimate interests may include:
- To communicate with you regarding the Services, including to provide you important notices regarding changes to our Terms and Conditions and to address and respond to your requests, inquiries, and complaints.
- To send you surveys in connection with our Services.
- To assist in the investigation of suspected illegal or wrongful activity, and to protect and defend our rights and property, or the rights or safety of third parties.
- To develop, provide, and improve our Services.
3.2. Matters That May Require Consent
In cases where we are not already authorized to process the Personal Data under applicable law, we may ask for your consent to process your Personal Data, including:
We may ask for your consent to contact you by telephone, SMS, post and/or email about other offers, products, promotions, developments or services which we think may be of interest to you and for other marketing purposes.
We may ask for your consent to use your Personal Data for research purposes.
Cookies used for analytics may use non-Personal Data that is not directly linked to you. We use analytics technologies to improve our Site and Services.Users are advised that if they wish to deny the use and saving of cookies from the Site on to their computer’s hard drive, they should take necessary steps within their web browser’s settings to block all cookies from the Site and its external serving vendors. Please note that if you choose to erase or block your cookies, you will need to re-enter your original user ID and password to gain access to certain parts of the Site. For information on how to disable cookies, refer to your browser’s documentation.
3.3. Withdrawing Your Consent
You may at any time withdraw the consent you provide for the processing of your Personal Data for the purposes set forth in this Privacy Notice by contacting us at privacy@ControlCase.com provided that we are not required by applicable law or professional standards to retain such information.
If you want to stop receiving future marketing messages and materials, you can do so by clicking the “SafeUnsubscribe™.” link included in our email marketing messages and update your profile by clicking on “Update Profile”.
4. DE-IDENTIFIED OR ANONYMIZED DATA
We may create de-identified or anonymous data from Personal Data by excluding data components (such as your name, email address, or linkable tracking ID) that makes the data personally identifiable to you or through obfuscation or through other means. Our use of anonymized data is not restricted by this Privacy Notice.
5. DATA RETENTION
We will retain your Personal Data for as long as long as you maintain an account or as otherwise necessary to provide you the Services. We will also retain your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Where we no longer need to process your Personal Data for the purposes set out in this Privacy Notice, we will delete your Personal Data from our systems.
Where permissible, we will also delete your Personal Data upon your request, as further described in the Data Subject Access, Modification, and Deletion Rights section of this Privacy Notice.
6. ADVERTISING AND ANALYTICS
Interest-based advertising is advertising that is targeted to you based on your web browsing and application usage over time. We disclose various types of de-identified information to enable interest-based advertising. You have the option to restrict the use of information for interest-based advertising and to opt-out of receiving interest-based ads.
You can make decisions about your privacy and the ads you receive. You can control whether companies serve you on-line behavioral advertising by visiting the Digital Advertising Alliance website and using its opt-out: http://www.aboutads.info/choices/ (U.S.) http://www.youronlinechoices.com/ (EU). The DAA opt-out requires that cookies not be blocked in your browser.
As an alternative to the DAA opt–out, you can also elect to block browser cookies from first parties (such as those from our website) and browser cookies from third parties (such as advertisers) by using the cookie blocking options built into your browser software. If you block browser cookies, some parts of our website may not function correctly. Also, blocking cookies will not stop third-parties from collecting IP address, data stored in “Flash” cookies, and certain other types of technical information that may uniquely identify your browser.
Due to the lack of consensus around a Do Not Track standard, our websites do not change how they collect or track data when they receive the “Do Not Track” flag.
7. SOCIAL NETWORK WIDGETS
Our Site may include social network sharing widgets that may provide information to their associated social networks or third-parties about your interactions with our web pages that you visit, even if you do not click on or otherwise interact with the plug-in or widget. Information is transmitted from your browser and may include an identifier assigned by the social network or third party, information about your browser type, operating system, device type, IP address, and the URL of the web page where widget appears. If you use social network tools or visit social networking sites, you should read their privacy disclosures, to learn what information they collect, use, and share.
8. WHY WE COLLECT AND PROCESS YOUR PERSONAL DATA
We need to process certain of your Personal Data in order to fulfil our contractual obligations to you and to provide you with the Services.
Where we ask for your consent to process your Personal Data, you have the right to withdraw such consent as described in this Privacy Notice. Please note, however, we may be unable to provide you certain Services that require the use of Personal Data.
Please note that even where your consent would otherwise be required, we may nevertheless process your Personal Data in accordance with our legitimate interests under applicable law, as described in this Privacy Notice.
9. TRANSFER AND STORAGE OF PERSONAL DATA
ControlCase and associated Services and systems may be stored on servers in the United States. If you are located outside of the United States, please be aware that Personal Data we collect will be processed and stored in the United States, a jurisdiction in which the data protection and privacy laws may not offer the same level of protection as those in the country where you reside or are a citizen.
By using our Services and/or submitting your Personal Data, you agree to the transfer, storage, and/or processing of your Personal Data in the United States.
10. DATA SUBJECT ACCESS, MODIFICATION, AND DELETION RIGHTS (OUTSIDE U.S.)
You have the right in certain circumstances to request confirmation from us as to whether or not we are processing your Personal Data. Where we are processing your Personal Data, you also have the right to request access to, modification of, or deletion of such Personal Data.
You have the right in certain circumstances to receive the Personal Data concerning you that you provided to us and have the right in certain circumstances to transmit such data to another controller.
To exercise your rights with respect to your Personal Data, please contact us at privacy@ControlCase.com . As permitted by law, certain data elements may not be subject to access, modification, and/or deletion. Furthermore, we may charge for this service and will respond to reasonable requests as soon as practicable and as required by law.
11. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY (OUTSIDE U.S.)
You may have a right to lodge a complaint with a supervisory authority.
12. SECURITY SAFEGUARDS AND LINKS TO OTHER WEBSITES
We implement appropriate technical and organizational safeguards to protect against unauthorized or unlawful processing of Personal Data and against the accidental loss, destruction, or damage of Personal Data. Please be advised, however, that we cannot fully eliminate security risks associated with the storage and transmission of Personal Data.
13. YOUR CALIFORNIA PRIVACY RIGHTS (U.S. ONLY)
Under Section 1798.83 of the California Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of Personal Data the business shares with third parties for those third parties’ direct marketing purposes, and the identities of the third parties with whom the business has shared such data during the immediately preceding calendar year. To exercise your rights, you may make one request each year by emailing us at privacy@ControlCase.com with “Request for California Privacy information” on the subject line and in the body of your message. Be sure to provide in the request sufficient information to properly identify you and/ or the members of your family.
14. REVISIONS AND CONTRACT INFORMATION
15. CONTACT US
For questions regarding this Privacy Notice, please contact us at: privacy@ControlCase.com.