Personify Inc. Privacy Policy

Effective: October 17, 2023
Last Updated: October 17, 2023

Personify Inc. and its affiliates, a2z Personify, LLC, WildApricot Inc. and MemberClicks LLC (collectively “Personify,” “we,” “us,” or “our”) supports associations, nonprofits, event professionals, and other organizations through its technology platform, professional services and support. If you are a California resident, please review California Notice at Collection and Privacy Rights.

Table of Contents

  1. Scope
  2. Personal Data We Collect
  3. How We Use Personal Data
  4. Disclosures of Personal Data
  5. Cookies and Other Tracking Mechanisms
  6. Security
  7. How Long We Retain Personal Data
  8. Your Privacy Choices
  9. Reseller Activities/Integration Partners
  10. Personal Data of Minors
  11. External Links
  12. Legal Grounds for Collecting and Processing Personal Data
  13. California Notice at Collection and Privacy Rights
  14. European Privacy Rights
  15. Data Controller
  16. Changes to this Notice
  17. Contact Us

1. Scope

This privacy policy (“Policy”) explains how we process personal data from customers and visitors to our websites (“Sites”) and users of our products and services (“Services”) as a controller or business under applicable privacy laws.

When we collect personal data as a processor on behalf of business customers, we process personal data in accordance with our contract with them and their privacy policy will apply.

This Policy does not apply to the personal data of employees or job applicants or to information that is exempt under applicable laws. We may provide additional notices when needed to clarify our privacy practices in specific circumstances.

2. Personal Data We Collect

While the personal data we collect varies depending upon your use of our Services and our interactions with you, we may collect personal data from you, from third-party sources, and automatically:

Personal Data Collected Directly from You. We may collect the following personal data from you:

  • Customer Service and Support. When you contact us for support or other customer service requests, we maintain support tickets and other records about your requests and related communications. For example, where you use one of our support request forms, we collect details about you, including your name, contact details, email address, and the nature of your request.
  • Account Services. When you register or create an account, we may collect your name, email address, address, phone number, business contact information, organization name, job title and primary role, account name and password.
  • User Content. We collect user-generated content when you submit information or feedback to our Site or Services.
  • Request a Demo. When you request a demo, we collect your first name, last name, phone number, email address, organization name and type, and any additional personal data you may include in the comments.
  • Communications. We collect the information you provide such as contact information and records of our communications.
  • Transaction and Billing Information. When you purchase a product or Service from us, we collect purchase information, including payment card information through a third-party processor.
  • Surveys. When you fill out a survey, we collect your response, which depends on the type of survey, but may include satisfaction with a product or Service.
  • Events and Other Information. We also collect personal data related to your registration for and participation in our events.
  • Other Information. We may collect other personal data that you consent to or would reasonably expect based on the nature of the circumstances.

Personal Data Collected from Third Parties. We may collect personal data about you from third party sources such as public databases, advisors and agents, affiliates and subsidiaries, Internet service providers, operating systems and platforms, regulators, government entities and law enforcement, data brokers and analytics providers, advertising and marketing companies, business partners, business customers, clients, trade show sponsors, social media platforms, or other third parties.

  • We may receive lead and prospect information from third parties about prospective customers that may be interested in our Services. We may also engage with third parties to enhance or update our customer information.
  • If you post information about us or engage with us on third party platforms or choose to link your Company account to or log in to our Services with a third-party account (e.g., Facebook or LinkedIn), we may collect personal data about you from that third party platform or account.
  • These third-party platforms and services control the information they collect and share about you. For information about how they may use and disclose your information, including any information you make public, please consult their respective privacy policies.

Personal Data Collected Automatically. When you visit our Sites or Services, we and third parties may collect information, including personal data, including through the use of cookies, pixel tags, and other similar technologies such as:

  • Device and Browsing Information. When you visit our Site, we may collect information, which may be considered personal data under certain laws, such as IP address, browser type, domain names, access times, date/time stamps, operating system, language, device type, unique or online identifiers, Internet service provider, referring and exiting URLs, clickstream data, and similar device and browsing information.
  • Activities and Usage. We also collect activity information related to your use of the Site, such as information about links clicked, searches conducted, features used, items viewed, time spent on certain pages, your interactions with us, log file information, and other activity and usage information.
  • Location Information. We may also collect or derive general location information about you, such as through your IP address.

3. How We Use Personal Data

Generally, we use personal data for the following purposes:

  • Providing Services and Support. To provide and operate our Services, communicate with you about your use of the Services, provide troubleshooting and technical support, respond to your inquiries, fulfill your orders and requests, process your payments, communicate with you, and for similar service and support purposes.
  • Communications. To respond to your questions and fulfill your orders and requests; to allow you to participate in interactive features; to seek your views or comments and to send you communications, which you have requested or that may interest you; and to notify you of changes to our Services.
  • Analytics and Improvement. To better understand how users access and use the Services, and our other products and offerings, and for other research and analytical purposes, such as to evaluate and improve our Services and business operations, to develop our Services and features, and for internal quality control and training purposes.
  • Customization and Personalization. To tailor the content we may send or display on the Services, including personalized help and instructions, and to otherwise personalize your experiences.
  • Marketing and Advertising. To send you information about our Services, such as offers, promotions, newsletters and any other information that you sign up to receive and to manage, analyze, measure and improve our advertising campaigns.
  • Planning and Managing Events. For event planning and management, including registration, attendance, connecting you with other event attendees, and contacting you about relevant events and Services.
  • Research and Surveys. To administer surveys and questionnaires, such as for market research or customer satisfaction purposes.
  • Security and Protection of Rights. To protect the Site and Services and our business operations; to prevent and detect fraud, unauthorized activities and access, and other misuse; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our terms or this Policy.
  • Legal Proceedings and Obligations. To comply with the law and our legal obligations, to respond to legal process and related to legal proceedings.
  • General Business and Operational Support. Related to the administration of our general business, accounting, auditing, compliance, recordkeeping, and legal functions.

4. Disclosures of Personal Data

In general, we disclose and make available personal data to third parties in the following ways:

  • Corporate Affiliates. We may disclose personal data to corporate affiliates as part of our global business operations and for purposes and uses that are consistent with this Policy.
  • Processors and Service Providers. We may disclose personal data to our service providers who perform services on our behalf such as IT service providers, hosting providers, chat bot providers, call centers, etc.
  • Third-Party Advertising Networks, Analytics Providers and Social Media Platforms. We and third-party advertising networks, search engines, social media platforms, sponsors and/or traffic measurement services, use information, that may be considered personal information in some jurisdictions to understand and improve the use of our Sites, for analytical purposes, to serve targeted ads and personalize content, and to improve and measure the effectiveness of ads on third-party sites and platforms. For more information, including how to opt out of interest-based advertising, see Section 5 Cookies and Other Tracking Mechanisms below.
  • Compliance, governance and legal requirements. We may disclose personal data to comply with legal and compliance obligations and to respond to legal process and related to legal proceedings. For example, we may disclose personal data in response to subpoenas, court orders, and other lawful requests by regulators and law enforcement. We may also disclose information, including personal data, related to litigation and other legal claims or proceedings, for our internal accounting, auditing, compliance, recordkeeping, and legal functions.
  • Business Transfers. We may disclose personal data as part of commercial transactions (e.g., mergers, acquisitions, bankruptcy, or other similar business transactions) and in contemplation of such transactions (e.g., due diligence).
  • Other Disclosures. We may disclose your personal data for other purposes, which we will notify you of and/or obtain your consent when required.

Aggregate and/or Deidentified Data. We may use and disclose aggregate, deidentified, and other non-identifiable data related to our business and Services for quality control, analytics, research, development and other purposes. Where we use, disclose, or process deidentified data we will maintain and use the information in deidentified form and will not attempt to reidentify the information except where permitted by law.

5. Cookies and Other Tracking Mechanisms

We and other third parties use cookies, pixel tags, session replay technology, and other similar tracking mechanisms to automatically collect information about browsing activity, device type, and similar information within our Site and Services. This information, which may be considered personal information in some jurisdictions, is used, for example, to analyze and understand how you access, use and interact with our Site and Services; to identify and resolve bugs and errors in our Site and Services; to assess, secure, protect, optimize, and improve the performance of our Site and Services; for marketing, advertising, measurement and analytics purposes; and to personalize content on our Site and Services. We may also deidentify or aggregate such information to analyze trends, administer our Site and Services, gather broad demographic information for aggregate uses and for any other lawful purpose.

Cookies. “Cookies” are alphanumeric identifiers used for tracking purposes. Some cookies allow us to make it easier for you to navigate, while others are used to enable a faster log-in process, support the security and performance of the Site, or allow us to track activity and usage data within the Site and across websites.

Pixel Tags and Similar Technologies. Pixel tags (sometime called web beacons or clear GIFs) are tiny graphics with a unique identifier, similar in function to cookies. We may use these tracking technologies to understand users’ activities, help manage content and compile usage statistics, and in emails to let us know when they have been opened or forwarded so we can track response rates and gauge the effectiveness of our communications.

Third Party Analytics. We use third party tools, such as Google Analytics, which are operated by third party companies to evaluate usage and traffic on our Sites and Services. These third-party analytics companies use cookies, pixels, and other tracking technologies to collect usage data to provide us with reports and metrics that help analyze, improve and enhance performance and user experience. To learn more about Google’s privacy practices, please review the Google Privacy Policy at https://www.google.com/policies/privacy/partners/. You can also download the Google Analytics Opt-out Browser Add-on to prevent your data from being used by Google Analytics at https://tools.google.com/dlpage/gaoptout.

Cross-Device Tracking. We and third parties may use the information we collect about you within our Site and on other third-party websites and services to help us and these third parties identify other devices that you use (e.g., a mobile phone, tablet, other computer, etc.) to interact or engage with us or the Site.

6. Security

No data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal data, we cannot guarantee or warrant the security of any information collected through our Site. You use our Site and provide us with your personal data at your own risk.

7. How Long We Retain Personal Data

Your personal data will be retained until such time as needed to fulfill the purposes and uses for which it was collected as outlined in this Policy. If you request that we delete your personal data from our databases, please note we may still retain your personal data as necessary to comply with our legal obligations, regulatory requests, resolve disputes, and enforce our agreements.

8. Your Privacy Choices

Marketing Communication. We may send periodic promotional and operational emails, text messages or other similar communications to you in accordance with applicable law. You may change your preferences by following the instructions provided to you in the communication. If you opt-out of receiving promotional emails from us, we may still send you communications about your account or any services you have requested or received from us. To opt-out of any text messages, reply STOP.

Industry Ad Choice Programs. You can also control how participating third-party ad companies use the information that they collect about your visits to our Site and those of third parties, in order to display more relevant targeted advertising to you. You can obtain more information and opt-out of receiving targeted ads from participating third-party ad networks as outlined below.

Cookie Settings. You can set your browser to block certain cookies or notify you when a cookie is set; you can also delete cookies. The “Help” portion of the toolbar on most browsers will tell you how to prevent your device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to delete cookies. Visitors to our Site who disable cookies will be able to browse the Site, but some features may not function. If you come to our Site from a different device or from a different browser on the same device, you will need to apply your cookie settings for that browser and/or device as well.

Browser Signals. To the extent required by applicable law, if our Site detects that your browser is transmitting an opt-out preference signal, such as a “global privacy control” (or GPC) signal, we will apply that signal to opt that particular browser on your device out of targeting cookies on our Site. If you come to our Site from a different device or from a different browser on the same device, you will need to apply GPC for that browser and/or device as well. We do not respond to do not track signals.

9. Reseller Activities/Integration Partners.

In certain instances, our Services can be configured to integrate with third party solutions such as payment processors; however, we do not collect or store payment processing information. We may also provide your business contact information to our integration partners or refer customers to third parties. Our customers enter into separate agreements with these third parties that govern the processing of personal information.

10. Personal Data of Minors

We provide a general audience Site. The Site and Services are not designed for minors, and we do not knowingly collect personal data from minors.

13. California Notice at Collection and Privacy Rights

This section of the Policy provides additional information for California residents (“you”) and describes our information practices pursuant to applicable California privacy laws, including the California Consumer Privacy Act and the regulations issued thereto, each as amended (the “CCPA”).

In this section, “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. This section does not address or apply to our handling of publicly available information or personal information that is otherwise exempt under the CCPA.

Categories of Personal Information Collected and Disclosed. The following table identifies the categories of personal information we may collect about you (and may have collected in the prior 12 months), as defined by the CCPA, as well as the categories of third parties to whom we may disclose this information for a business or commercial purpose. Depending on how you use the Services, we may collect and disclose the following categories of personal information:

Categories of Personal Information Third Party and Other Recipient Disclosures
Identifiers. Includes information regarding your name, unique personal identifier, online identifier, Internet Protocol (IP) address, postal address, phone number, and email address.
  • Advisors and agents
  • Affiliates and subsidiaries
  • Internet service providers, operating systems and platforms
  • Regulators, government entities and law enforcement
  • Data analytics providers
  • Marketing and advertising providers
  • Others as permitted by law
Customer Records. Includes your name, address, phone number, and employment history. Payment information may be collected through third party payment processors.
  • Advisors and agents
  • Affiliates and subsidiaries
  • Internet service providers, operating systems and platforms
  • Regulators, government entities and law enforcement
  • Others as permitted by law
Commercial Information. Includes records of personal property; records of Services purchased, obtained, or considered; or other purchasing or use histories or tendencies.
  • Advisors and agents
  • Affiliates and subsidiaries
  • Regulators, government entities and law enforcement
  • Data analytics providers, auditors
  • Others as permitted by law
Internet or Other Electronic Network Activity Information. Includes browsing history, clickstream data, search history, and information regarding interactions with our Site, advertisements, or emails, including other usage data related to your use of any of our Sites or other similar online services.
  • Advisors and agents
  • Affiliates and subsidiaries
  • Regulators, government entities and law enforcement
  • Data analytics providers
  • Advertising networks
  • Others as permitted by law
Geolocation Data. Such as general location information about a device for security and other purposes.
  • Advisors and agents
  • Affiliates and subsidiaries
  • Data analytics providers
  • Others as permitted by law
Audio, Electronic, Visual, or Similar Information. Includes information collected via call recordings if you are interacting with us in a customer service capacity or if you call us on a recorded line and security footage if you visit our premises.
  • Advisors and agents
  • Affiliates and subsidiaries
  • Regulators, government entities and law enforcement
  • Others as permitted by law
Professional Information. Includes professional and employment-related information such as current and former employer(s) and position(s), business contact information and professional memberships.
  • Advisors and agents
  • Affiliates and subsidiaries
  • Regulators, government entities and law enforcement
  • Others as permitted by law
Inferences. Such as inferences drawn from any of the information described in this section about a consumer including inferences reflecting the consumer’s preferences, characteristics, behaviors, attitudes, abilities, and aptitudes.
  • Advisors and agents
  • Affiliates and subsidiaries
  • Regulators, government entities and law enforcement
  • Data analytics providers
  • Marketing and advertising providers
  • Others as permitted by law

Sales and Sharing of Personal Information. The CCPA defines “sale” as disclosing or making available personal information to a third-party in exchange for monetary or other valuable consideration, and “sharing” as disclosing or making available personal information to a third-party for purposes of cross-context behavioral advertising. While we do not disclose personal information to third parties in exchange for monetary compensation, we may “sell” or “share” the following categories of personal information: identifiers and Internet and network activity information. We may disclose these categories to third-party advertising networks, data analytics providers, or social networking sites for purposes of marketing and advertising and to improve and measure and analyze our ad campaigns. We do not sell or share sensitive personal information, nor do we sell or share personal information about individuals we know are under age sixteen (16).

Sources of Personal Information. We generally collect the categories of personal information in the table above from the following categories of sources: directly or indirectly from you; affiliates and subsidiaries; business partners; business customers; vendors and service providers; our Site and online services; Internet service providers; operating systems and platforms; marketing list providers; trade show sponsors; social networks; government entities; third-party advertising networks; and marketing and data analytics providers.

Purposes of Collection, Use, and Disclosure. As further described in Section 3. How We Use Personal Data, in general, we collect and otherwise process personal information for the following business or commercial purposes and as otherwise directed or consented to by you: providing services and support;, communications; analytics and improvement; customization and personalization; marketing and advertising; planning and managing events; research and surveys; security and protection of rights; legal proceedings and obligations; general business and operational support.

Retention. We retain the personal information we collect as reasonably necessary for the purposes described above or otherwise disclosed to you at the time of collection. We retain personal information as necessary to comply with our tax, accounting, operational and recordkeeping obligations, to provide you with the services you have requested, to protect, defend or establish ours and others’ rights, defend against potential claims, and comply with our legal obligations. In some cases, we may deidentify or aggregate personal information in compliance with the CCPA.

California Privacy Rights. The CCPA provides California residents with specific rights regarding personal information. In general, California residents have the following rights with respect to their personal information, subject to certain conditions and exceptions:

  • Right to Know. You have the right to request: (i) the categories or personal information we collected about you; (ii) the categories of sources from which the personal information is collected; (iii) our business or commercial purposes for collecting, selling, or sharing personal information; (iv) the categories of third parties to whom we have disclosed personal information; and (v) a copy of the specific pieces of personal information we have collected about you.
  • Right to Delete. You have the right to request we delete personal information we have collected from you.
  • Right to Correct. You have the right to request that we correct inaccuracies in your personal information.
  • Right to Opt-Out of Sales and Sharing. To exercise your right to opt-out of the “sale” or “sharing” of your personal information, please click here or use the Do Not Sell or Share My Personal Information link at the bottom of our website.

    You also have the right to opt-out of “sales” and “sharing” of your personal information through the use of an opt-out preference signal. If we detect that your browser or device is transmitting an opt-out preference signal, such as the “global privacy control” or “GPC” signal, we will opt that browser or device out of cookies that result in a “sale” or “sharing” of your personal information. If you come to our website or use our services from a different device or from a different browser on the same device, you will need to opt-out or use an opt-out preference signal for that browser and/or device as well.

  • Right to Limit Use of Sensitive Personal Information. You have the right to limit use and disclose of your sensitive personal information. We do not currently use or disclose sensitive personal information beyond the purposes authorized by the CCPA. If our practices change, we will provide this right.
  • Right to Non-Discrimination. You have the right not to be subjected to discriminatory treatment for exercising any of the rights described in this section.

Exercising Your Rights

If you are a California resident and would like to exercise your CCPA rights, you may do so via any of the methods described below:

  • Calling us collect at 512-982-4400
  • Emailing us at personifyprivacy@personifycorp.com
  • Writing to us at: Personify, Attn: Security Officer, 7010 Easy Wind Drive, Suite 210 Austin, Texas 78752

Verification. We will take steps to verify your request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information in order to verify your identity, or where necessary to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for the denial.

Authorized Agents. You may designate someone as an authorized agent to submit requests and act on your behalf. Authorized agents will be required to provide proof of their authorization in their first communication with us and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.

14. Information for European Residents

The information in this section 14 is provided for the benefit of residents of the European Union, European Economic Area, the U.K. and Switzerland (collectively, “Europe”, “European”), and reflects additional disclosures which you are entitled to under the General Data Privacy Framework Services Data Protection Regulation (GDPR) and equivalent local data protection laws, in circumstances where those laws apply.

Legal basis for using your personal data. For each activity that uses personal data (see section 3) we are required to establish a ‘legal basis’ for processing. The legal bases we rely on are:

  • Necessary for us to perform a contract with you or take steps at your request prior to entering into a contract (“Performance of Contract”) – if we have entered into a contract with you as an individual, and we need to process personal data to provide our services and support, and to administer those services.
  • Necessary for us to realize a legitimate interest based on an assessment of that interest and your privacy and other fundamental interests (“Legitimate Interest”) – if we have entered into a contract with your business, we have a legitimate interest in processing your personal data (e.g., your business contact information) to the extent necessary to provide our services and support, and to administer those services. We also have a legitimate interest in carrying out analytics and improvement, marketing and advertising to businesses, administering research and surveys, as well as establishing, exercising and defending our legal rights. In each case, we ensure that our legitimate interest is not outweighed by any impact on your rights and freedoms that results from our use of your personal data.
  • Necessary for us to comply with an applicable legal obligation (“Complying with a Legal Obligation”) – for example, if we are required to disclose your personal data in response to legal proceedings, or if we need to provide personal data to tax authorities or other regulators.
  • With your consent (“Consent”) – for example, where we are required by local law to obtain your consent prior to sending you direct marketing messages or collecting information through the use of non-essential cookies or similar technologies. In these cases, you can withdraw your consent at any time with future effect.

Overview of European Rights. Where European data protection laws apply you have a right to request access to and correction (i.e., rectification) or erasure of your personal data, to data portability, to restriction of processing of your personal data, to object to the processing of your personal data under certain circumstances, and to lodge a complaint with a supervisory authority. For more information about these rights, please visit the European Commission’s “My Rights” page relating to GDPR, which can be displayed in a number of languages.

Right to Object to Processing of Personal Data

  • For Direct Marketing Purposes. You have the absolute right to object to the processing of your personal data for direct marketing purposes, including profiling for purposes of direct marketing.
  • For Public Interest or Exercise of Official Authority. You have the right to object if the processing of your personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • For Legitimate Interests. You have the right to object if the processing of your personal data is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Retention. We retain the personal data we collect as reasonably necessary for the purposes described in this privacy policy or otherwise disclosed to you at the time of collection. We retain personal data as necessary to comply with our tax, accounting, operational and recordkeeping obligations, to provide you with the services you have requested, to protect, defend or establish ours and others’ rights, defend against potential claims, and comply with our legal obligations. In some cases, we may deidentify or aggregate personal information in compliance with European data protection laws.

Data Privacy Framework (“DPF”) Program Statement

  • EU-U.S. Data Privacy Framework (for personal information transferred from the EU to the U.S.)
  • UK Extension to the EU-U.S. Data Privacy Framework (for personal information transferred from the UK and Gibraltar to the U.S.)
  • Swiss-U.S. Data Privacy Framework (for personal information transferred from Switzerland to the U.S.)

Personify, Inc., and its affiliates, a2z Personify, LLC, WildApricot Inc. and MemberClicks, LLC (“Personify,” “we,” “our,” “us”) complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce (collectively, the “Frameworks”). Personify has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) regarding the processing of personal information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Personify has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) regarding the processing of personal information received from Switzerland in reliance on the Swiss-U.S. DPF (together, the “Principles”). If there is any conflict between the terms in this Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the relevant Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Personal Information We Process. We collect the categories of personal information described in the “Personal Data We Collect” section of our Policy. We process this personal information for the purposes stated in the “How We Use Personal Data” section of our privacy policy. We commit to processing the personal information we receive under the Frameworks in accordance with the Principles.

U.S. Entities. The following Personify entities adhere to the Principles: Personify, Inc., and its affiliates, a2z Personify, LLC, WildApricot Inc. and MemberClicks, LLC.

Your Choices. Pursuant to the Frameworks, EU, UK, and Swiss individuals (“you”) have the right to obtain confirmation of whether we maintain your personal information in the United States. Upon your verifiable request, we will provide you with access to the personal information that we hold about you, and you may also request that we correct, amend, or delete personal information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of other persons would be violated.

You may also opt out of our disclosure of your personal information to a third-party, who is not an agent or operating upon our instructions pursuant to a contract (“Third Party”) ,or the use of your personal information for a purpose that is materially different from the purpose(s) for which the personal information was originally collected or subsequently authorized by you. To do so, please contact us at personifyprivacy@personifycorp.com.

Sensitive Personal Information. For any sensitive personal information we collect about you (i.e., personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual), we will obtain affirmative express consent (i.e., opt in) from you if such data will be disclosed to a Third Party or used for a purpose other than those for which it was originally collected or subsequently authorized by you. In addition, we will treat as sensitive any personal information received from a third party where the third party identifies and treats it as sensitive.

Transfers to Third Parties. As described in more detail in Section 4. “Disclosures of Personal Data” section of our Policy, we transfer personal information to Third Parties, such as agents or service providers, non-affiliated parties, and to appropriate vendors (e.g., to verify identity and to investigate and prevent fraud, potential threats to safety, illegal activities, and violations of terms or this Policy). We contractually require Third Parties to whom we transfer personal information to provide equivalent levels of protections.

Contacting Us, Complaints, and Dispute Resolution. In compliance with the Frameworks, Personify commits to resolve complaints about our collection and use of your personal information. If you have inquiries or complaints regarding our handling of personal information received in reliance on the Frameworks, you should first contact us at Personify, 7010 Easy Wind Drive, Suite 210 Austin, Texas 78752, personifyprivacy@personifycorp.com.

Non-Human Resources Data. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Human Resources Data. In compliance with the Frameworks, Personify commits to cooperate and comply with the advice of the panel established by the EU data protection authorities, the UK Information Commissioner’s Office, the Gibraltar Regulatory Authority, and the Swiss Federal Data Protection and Information Commissioner, as applicable, with regard to unresolved complaints concerning our handling of human resources personal information received in reliance on the Frameworks in the context of the employment relationship.

Binding Arbitration. If your complaint cannot be resolved through the above channels, there may be a possibility, under certain conditions, for you to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. See DPF Principles Annex 1 at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2 for more information.

FTC Enforcement. The U.S. Federal Trade Commission has jurisdiction over Personify’s compliance with the Frameworks.

Law Enforcement or Public Authority Requests. In accordance with our legal obligations, we may be obligated to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Liability for Onward Transfers. Personify remains responsible and liable under the Frameworks for any onward transfers of your personal information to Third Parties.

15. Data Controller

Personal data received directly from clients and used by Personify itself for its business purposes, as well as personal data collected by us through our Sites, is controlled by Personify, Inc., which is headquartered at 7010 Easy Wind Drive, Suite 210 Austin, Texas 78752. If your personal data was collected by or on behalf of Personify, then such personal data is controlled by Personify, Inc., which is located at 7010 Easy Wind Drive, Suite 210 Austin, Texas 78752 and which you can contact by email at personifyprivacy@personifycorp.com. However, if your personal data was collected by or on behalf of one of our clients, then such personal data collection and usage is controlled by that client, with Personify assisting such client as a processor.

16. Changes to this Notice

If we decide to change or update our Policy, we will post those changes on this page. Your continued use of the Site and our Services is subject to our most up-to-date Policy, posted here. If we make any material changes, we will notify you by an update on our Site.

17. Contact Us

If you have any questions about this Policy or our privacy practices or if you need assistance relating to your personal data, you may contact us via email at personifyprivacy@personifycorp.com or by writing us at the following address: Personify, attention Security Officer, 7010 Easy Wind Drive, Suite 210 Austin, Texas 78752.