Talk to an expert
Back to site

Legal Information

Skip to menu

Privacy Notice

Last updated: July 30, 2025

Who are we and what is the purpose of this Notice?

Zafin and its group of companies (“Zafin”, “we”, “us” or “our”) are committed to protecting the privacy and security of Personal Information and handling it in accordance with data protection and privacy laws.

This Privacy Notice (“Notice”) and Cookie Notice are part of the Zafin privacy program and describe how we collect, use, and disclose your Personal Information in the course of our business. This Privacy Notice also describes your choices and rights with respect to your Personal Information, including your rights of access and correction. We have published this Notice to ensure that you are fully aware of what Personal Information we collect from you, how we Use it, who we share it with, and what your rights are. This Notice applies to our website visitors, platform users, those who contact us, and those who we send marketing messages to, where you work for a prospective, current or former customer. If you are applying for employment, an internship, or scholarship, please review Zafin’s Candidate Privacy Notice.

Table of contents:

Definitions

We have included the following definitions to help you understand the contents of this Notice:

Automated decision-making – “Automated decision-making” is the process of making a decision by automated means, using algorithms or software, without any human involvement. These decisions can be based on factual data, as well as on digitally created profiles or inferred data

CCPA – “CCPA” means the California Consumer Privacy Act of 2018 and California Privacy Rights Act of 2020 (Cal. Civ. Code 1798.100 et seq) and their regulations.

Collection – “Collection” occurs when Zafin finds itself in custody or control of personal information. Note that this includes information that Zafin receives even when the data was not requested.

Consent  – “Consent” is an individual’s freely given, specific and informed agreement to the processing of their personal information.

EEA – “EEA” means European Economic Area, which includes countries like Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and Sweden.

GDPR – “GDPR” means the General Data Protection Regulation (EU) 2016/679.

Personal Information – “Personal Information” is information that (a) can be used to identify an individual to whom the information relates, or (b) is or might be directly or indirectly linked to an individual in the context of the processing of the data.

PIPEDA – “PIPEDA” means Canada’s federal Personal Information Protection and Electronic Documents Act S.C. 2000, c. 5.

Process – “Process” is an operation or set of operations performed upon Personal Information.

Sell, Sale, Share – We do not “sell” your Personal Information for monetary or other valuable consideration, nor do we “share” your Personal Information for cross-context behavioral advertising, as these terms are defined under applicable U.S. privacy laws.

Sensitive Data – A subcategory of Personal Information which may include government identifiers (like Social Security numbers), precise geolocation data, racial or ethnic origin, religious beliefs, or health information. We do not process Sensitive Data without your prior consent.

Targeted Advertising – Displaying advertisements to you where the advertisement is selected based on personal data obtained from your activities over time and across nonaffiliated websites or online applications to predict such as your predispositions or interests.

UK GDPR – “UK GDPR” means the General Data Protection Regulation, Regulation (EU) 2016/679 as it forms part of domestic law in the United Kingdom by virtue of section 3 of the EU (Withdrawal) Act 2018 (including as further amended or modified by the laws of the United Kingdom or a part of the United Kingdom from time to time).

Use – “Use” means the process of collecting, accessing, storing, reading, modifying, analyzing, or changing Personal Information. This includes when Zafin uses a service provider or vendor to carry out these tasks on its behalf.

Go back to Table of contents

Personal Information we collect and how we Use it

When you engage with Zafin through our websites, or any platforms, or when you use our Services, we may gather Personal Information and other information from you.

Zafin’s primary source of information for processing is de-identified Personal Information provided to us by our customers. Our customers remove direct identifying attributes from data sets by excluding them or replacing them with random data ‘tokens’. Zafin delivers data analytics and related services on this de-identified data. Zafin does not attempt to re-identify individuals in these data sets. Notwithstanding this, Zafin’s policy protects these data as Personal Information.

We take steps designed to ensure that only authorized personnel have access to your Personal Information. The sections below further describe where we collect your Personal Information from, what we collect, and how we Use it. This Notice also provides links to more detail specific to your region, to help you to understand the Use of your Personal Information.

When you visit and use our Website

We will collect browser and device information such as IP address, browser history, aggregated data, and usage data via cookies. Cookie related details are provided in the Cookie Notice. This information does not reveal your identity and is not directly about you.

We will use this information:

  • To operate, maintain, enhance, and provide all features of our Website;
  • To understand which parts of the website are visited and how frequently;
  • To provide access to desirable content based on your preferences
  • To provide support to users of the Website.


If you choose to withhold any Personal Information requested or deny the placement of cookies required for the purpose of providing a service, it may negatively impact your experience on the site and limit the services we are able to provide.

For marketing purposes

When you fill in a form

If you fill in a form on our website, on an advertiser platform (e.g. LinkedIn), or at an event, we will collect the information you include on the form such as your name, contact details (telephone number, mailing address and email address), business contact details (job title, business email address, business telephone number) and details of the organization you work for. We will also capture your areas of interest, types of communications you would like to receive, and marketing preferences.

We will use this information:

  • To fulfil your request;
  • To send you information about our products and solutions;
  • To provide access to content (e.g. whitepapers, case studies);
  • To administer subscriptions to Zafin publications and newsletters;
  • To organize events;
  • To respond to questions about Zafin;
  • To provide support to visitors of our Website

 

Publicly available Personal Information

We may collect information such as your name, business contact details (job title, business email address, business telephone number) and details of the organization you work for, using publicly available information, such as social network profiles (e.g. LinkedIn).

We will use this information:

  • To design marketing campaigns;
  • To market our products and services;
  • To organize events;
  • To tailor our marketing and sales activities to your company’s interests;

When the organization you work for is a prospective, current or former customer or strategic partner

If you work for an organization that is a prospective, current or former customer, we will collect your name, contact details (telephone number, mailing address and email address), business contact details (job title, business email address, business telephone number), in-application usage data, user behavioral insights and details of the organization you work for.

We will Use this information:

  • To organize a demonstration of our products and services;
  • To provide a quotation if requested;
  • To negotiate and conclude contracts;
  • To set up and administer the commercial arrangement;
  • To set you up with a login for any of our platforms or systems;
  • To provide data analytic and related services to the organization you work for;
  • To collect and analyze in-application usage data and user behavioral insights to better understand how our products and services are used, improve user experience, identify product enhancements, and provide support;
  • To administer contracts;
  • To process and manage invoices and payments;
  • To resolve disputes;
  • For the purposes of any company acquisition or disposal, for compliance with legal obligations, for law enforcement and any other purpose required by law.

 

This data is processed by us on the basis of our legitimate interest in improving our services and supporting users, or where applicable, based on your consent. If you choose to withhold any Personal Information requested by us for the purpose of providing a service, you may not be able to access or use the requested service. If you have any concerns about whether you need to provide the Personal Information, please contact the Privacy Office .

Call Data

When you engage with our marketing, sales or customer support teams, please note that calls may be recorded and we may use call data (like call recordings and transcripts), for quality assurance, training purposes, and as a reference for future discussions or to share with relevant stakeholders who were unable to attend the call. We will only share this information with authorized individuals who have a legitimate need to know. Please be aware that by participating in a call, you consent to the potential use and sharing of your call data in this manner. These recordings may capture the call content, metadata (e.g., call time, duration), and any other information you voluntarily provide. The content of the calls may also be transcribed for the purposes of taking minutes and tracking action items. We retain these recordings and the related transcriptions securely for a limited period and only for as long as needed to fulfill their intended purpose, after which they are deleted.

Go back to Table of contents

Will we share your Personal Information?

In some cases, we may share Personal Information with trusted service providers for processing and to help us provide, maintain, and improve our services. We remain accountable for that Personal Information’s privacy and security and use contractual or other means to ensure that service providers meet our privacy and security requirements.

We may make certain automatically collected, aggregated, or otherwise non-personally identifiable information available to third parties. We do not sell or rent personal information collected to third parties.

Who do we share your Personal Information with?

We have set out below the third parties we may share your Personal Information with. If we do this, we will put in place a contract with them which controls how your Personal Information may be used and which requires that your Personal Information is treated in accordance with relevant data protection laws.

  • With companies who provide support for our internal IT systems: We use reputable third parties to provide us with our IT systems (including our Website’s hosting service provider) and support for them. They may access your Personal Information to the extent that they need to in order to provide their services and deal with any issues.
  • With companies who provide marketing services: We may make certain automatically-collected, aggregated, or otherwise non-personally identifiable information available to third parties for various purposes, including, to assist such parties in understanding your interests, habits, and usage patterns for programs, content, services, and functionality available through the Website.
  • With companies who support our products and services: We use reputable third parties to assist with sales and marketing (including customer service and incident management), product engineering and design tools (including software issue tracking), and identity services (including identity federation for single sign on and authentication). They may access your Personal Information to the extent that they need to in order to provide their services and deal with any issues.
  • With a company that we merge with or transfer our business assets to: In the event that we sell all or part of our business, or merge with another company, we may transfer Personal Information that we have collected as described in this Notice, along with our other business assets, to the company that we are selling to or merging with.
  • For compliance with employment reporting or other obligations
  • With entities, organisations or individual for legal reasons: We will share your Personal Information with entities, companies or individuals where this is strictly necessary to comply with any law, rule, regulation, governmental request or legal procedure that is applicable to us.
  • With entities, companies or individuals to obtain advice: We will share your Personal Information with external professional advisors such as lawyers or accountants in order to take advice and for the purposes of legal and tribunal proceedings or enforce the terms of our agreements.

We will only disclose such Personal Information to any third party as is necessary to enable them to carry out the function or purpose for which it is disclosed. If you would like further information on the third parties we may share your Personal Information with and our legal basis for sharing your Personal Information with third parties, please contact the Privacy Office.

Go back to Table of contents

Security and Retention of Personal Information

Zafin has implemented various physical, administrative, and technical safeguards designed to protect Personal Information from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. These safeguards include security reviews and controls such as limiting access to your Personal Information to those employees and other third parties who have a business need to know, and who are subject to a duty of confidentiality. However, no security measures are absolute or wholly guaranteed. You agree to be responsible for all activities conducted on the Website. While we will strive to protect your personal information, the transmission of such data to and from our Services occurs at your own risk. It is advisable to use the services exclusively in a secure environment. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately.

We will only keep your Personal Information for as long as reasonably necessary to fulfil the relevant purposes set out in this Notice and to comply with our legal and regulatory obligations.

If a dispute arises between us, we will keep your Personal Information for the purposes of responding to and dealing with this dispute and this may mean that we keep your Personal Information for longer. If you would like further details, please contact the Privacy Office .

Go back to Table of contents

Rights Regarding Personal Information

On written request and subject to proof of identity, you may

  • Access copies of the Personal Information we hold about you;
  • Request that any necessary corrections be made, where applicable, as authorized or required by law; and
  • Request deletion of your Personal Information, where applicable, as authorized or required by law.

To ensure that the Personal Information we maintain about you is accurate and up to date, please inform us immediately of any change to your Personal Information. Note that this applies if we have a direct relationship with you and you have supplied us with your information, such as in an application for employment. With respect to de-identified personal data that we process for our customers, we can not re-identify individuals and cannot prove the requestor’s identity.

To make a request, please use the contact details provided in the “Contact Us” section. We will consider and act upon any request in accordance with applicable data protection laws.

Go back to Table of contents

Children’s Privacy

The Website is not directed to children under the age of 16, and we do not knowingly collect Personal Information from children under the age of 16 without obtaining parental consent. If you are under 16 years of age, please do not use or access the Website at any time or in any manner. If we learn that Personal Information has been collected via the Website from persons under 16 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 16 years of age has provided Personal Information, then you may alert us as set forth in the “Contact Us” section and request that we delete that child’s Personal Information from our systems.

Go back to Table of contents

Governing Law

This website and Zafin are based in Canada and are governed by the applicable privacy and data protection laws in Canada. Your Personal Information may be stored or processed in any country in which Zafin or its service providers have facilities, and by using this Website or applicable Zafin services, you agree to the transfer of your information to countries outside your country of residence, which may have different data protection rules than in your country. While such information is outside of Canada, it is subject to the laws of the country in which it is held. It may be subject to disclosure to the governments, courts, law enforcement, or regulatory agencies of such another country, pursuant to such a country’s laws.

If you are an individual in the United Kingdom (UK) or European Economic Area (EEA), see the UK/EEA Notice. If you are a resident in the United States of America, see the Notice of Residents of Certain States in United States.

Go back to Table of contents

Changes to this Notice

We may change this Privacy Notice. Changes to this Notice become effective when posted on our website, please note the “Last Updated” date. Your continued use of the website after the revised Notice has become effective indicates that you have read, understood, and agreed to the current version of the Notice.

Go back to Table of contents

Contact Us

If you have any questions or comments about this Notice or your Personal Information, to make an access or correction request, to exercise any applicable rights, to make a complaint, or to obtain information about our policies and practices, our Privacy Office can be reached using the following information:

Mail401 W. Georgia St., Suite 1701
Vancouver, British Columbia
V6B 5A1
Attention: Privacy Office
Email[email protected]

Go back to Table of contents

Notice for individuals in the UK and EEA

If you are based in the UK or EEA, please note that the term Personal Information used in this Notice is equivalent to the term “personal data” under the GDPR and other applicable European data protection laws. Canada’s laws have been determined to be ‘adequate’ by the Commission of the European Union, which means that we are providing equivalent protection to your Personal Information by complying with Canadian law.

Personal Information we collect, how we Use it and our lawful basis

How we collect and use your Personal Information when you visit and use our Website and our lawful basis

We have explained in the above section the Personal Information we will collect about you and how we Use it when you visit our Website.  Full details can be found here.

This Use is on the legal basis that it is in our legitimate interests as a business to be able to respond to inquiries that we receive and ensure that our Website is operational, functional and maintained. We have considered our legitimate interests carefully and have balanced our legitimate interests against your rights under data protection law. We consider that this Use is proportionate because we will only Use the Personal Information we get from you to respond to your inquiry and it is in your reasonable expectations that we would need to Use your Personal Information to be able to respond to you and ensure our Website is operational and functional.

For details about what cookies we Use on our Website and our legal basis for them click here.

How we collect and use your Personal Information when you have agreed that we can market to you and our lawful basis

We will collect your Personal Information to send you information about our services, events and news. Full details can be found here.

Under data protection law we must have a legal basis to Use your Personal Information. Where we Use your Personal Information for marketing, we do this on the basis that you have consented to us sending you marketing. You have the right to change your mind about this at any time. There will be unsubscribe links in all the marketing emails that we send you, and you can also contact us at any time to ask us to stop sending marketing to you. If you wish to do this please contact the Privacy Office .

How we collect and use your Personal Information when the organisation you work for is a prospective, current or former customer and our lawful basis

We will collect and Use your Personal Information to provide the quotation, negotiate and conclude contracts, and set up our customer arrangement with the organisation you work for.

The legal basis for using your Personal Information in this way is that it is in our legitimate interests as a business to be able to contact you to provide a quote and to manage and assist with the conclusion and ongoing performance of a contract with your organisation. We have considered our legitimate interests carefully and have balanced our legitimate interests against your rights under data protection law. We consider that this Use is proportionate because it is relevant and appropriate to our relationship with you, it is in your reasonable expectations that we would need to Use your Personal Information to contact you in this way and we only Use your business contact details for matters which relate directly to our relationship with the organisation you work for.

Do we Use your Personal Information to make automated decisions?

You have the right not to be subject to Automated decisions that will create legal effects or have a similar significant impact on you, unless (i) you have given us your consent (ii) it is necessary for a contract between you and Zafin, or (iii) is otherwise permitted by law. You also have certain rights to challenge decisions made about you. We do not currently carry out Automated decision-making in connection with your Personal Information.

Will we transfer your Personal Information outside the UK/EEA?

We will only transfer your Personal Information outside the UK/EEA as follows:

  • To our IT systems based in Canada;
  • To Zafin group companies
  • To companies who support our products and services (in Canada and the United States, as applicable)
  • Where our third-party service providers who we share Personal Information with (such as cloud service providers) are based outside the UK and/or EEA, have support services located outside the UK and/or EEA or host Personal Information outside the UK and/or EEA.

 

We only transfer your Personal Information outside the UK/EEA where we have a legal basis for doing so and where we ensure that your Personal Information is protected to the same standard as it would be protected in the UK/EEA. Since Canada has been recognized as having an adequacy status by the UK and EU, your Personal Information is held at the same level of protection as it would within the UK and EEA.

Where appropriate, we enter into data sharing agreements with the recipients of your Personal Information based outside the UK/EEA which comply with the EU Commission’s standard clauses and the UK addendum to the standard clauses (if applicable), or the UK Information Commissioner’s International Data Transfer Agreement for the transfer of Personal Information. We carry out all necessary transfer risk assessments and transfer impact assessments for such circumstances. If you would like further details about our transfer of your Personal Information outside the UK/EEA or details of the safeguards put in place in relation to your Personal Information please contact the Privacy Office.

Personal Information Obtained from Third Parties

We may enrich our prospect database with business-contact information obtained from third-party providers (EEA or UK-based) that compile data drawn from publicly available sources—for example, company websites, professional social-media profiles (such as LinkedIn), and official corporate filings. The information we receive may include your name, job title, corporate e-mail address, direct dial or corporate phone number, LinkedIn URL, and employer firmographics (sector, size, headquarters country). When Zafin receives personal information about you from other sources directly, Zafin will provide the following information to you, in addition to all other information already required by the Privacy Notice:

  • The categories of personal data;
  • The source from which the personal data originates, and if applicable, whether it came from publicly accessible sources;
  • The purposes of the processing for which the personal data are intended as well as the legal basis for the processing
  • The legitimate interests pursued by Zafin or by a third party, if processing is based on Article 6(1)(f) GDPR (legitimate interests);
  • The recipients or categories of recipients of the personal data, if any;
  • Where applicable, the fact that Zafin intends to transfer personal data to a third country or international organization and the existence or absence of an adequacy decision by the European Commission, or reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available;
  • The period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
  • The existence of the right to request from Zafin access to and rectification or erasure of personal data or restriction of processing concerning the data subject and to object to processing as well as the right to data portability;
  • Where processing is based on consent, the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
  • The right to lodge a complaint with a supervisory authority;
  • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data;
  • The existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Zafin will provide this information within a reasonable period after obtaining the personal data, but at the latest within one month, or at the time of the first communication with the data subject, or when the data is first disclosed to another recipient, whichever occurs first.

Your Privacy Rights

As an individual in the UK/EEA, you have certain rights regarding our processing of your Personal Information. This is set out in more detail below. If you wish to exercise any of these rights, you have the right to make a complaint to the supervisory authority in your country. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority and so, if you are happy to do so, please contact the Privacy Office .

  • Right to object: You have the right to object to our processing of your Personal Information where we are relying on a legitimate interest as our legal basis for processing. You may object on grounds relating to your particular situation. If you raise an objection, we will stop processing your Personal Information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.
  • You have an absolute right to object at any time to the processing of your Personal Information for direct marketing purposes: You can exercise this right by clicking the “unsubscribe” link provided in our marketing emails or by contacting the Privacy Office at any time. If you object to processing for direct marketing purposes, we will stop processing your Personal Information for such purposes.
  • Access to your Personal Information: You can request access to a copy of your Personal Information that we hold, along with information on what Personal Information we Use, why we Use it, who we share it with, how long we keep it for and whether it has been used for any Automated decision making. You can request access free of charge. Please make all requests for access in writing to the Privacy Office.
  • Consent: Most of the time, we won’t need your consent to Use your Personal Information as we will be using it only to fulfil our contract with you as one of our clients or it is in our legitimate interests. This legitimate purpose includes Personal Information required to create, maintain, and terminate the commercial relationship. There are limited circumstances where we may ask for your consent to process your information. Where you have given us your consent to Use your Personal Information, you can withdraw your consent at any time by contacting the Privacy Office at [email protected]. Withdrawing your consent does not impact the legality of any processing carried out before the withdrawal, nor does it affect the processing of your Personal Data based on other valid legal grounds aside from consent.
  • Rectification: You can ask us to change or complete any inaccurate or incomplete Personal Information held about you. If we choose not to do so, we will provide you with a written statement explaining why the request could not be met.
  • Erasure: You can ask us to delete your Personal Information where it is no longer necessary for us to use it, you have withdrawn consent and we have no other legal basis to keep your Personal Information, you have asked us to review and explain our legitimate interests to you and we don’t actually have a valid legitimate interest for keeping it, our Use of your Personal Information is illegal, or we have to delete your Personal Information to comply with our legal obligations. Please be aware that we may have legal obligations to retain records for a certain period after the commercial relationship ends. Where we are required by law to keep certain information, we will be unable to delete such information.
  • Portability: You can ask us to provide you or a third party with the Personal Information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred where we are using your Personal Information on the basis of your consent or on the basis that it is necessary to perform a contract with you and the Use of your Personal Information is carried out by automated means.
  • Restriction: : You can ask us to restrict the Personal Information we Use about you where you don’t think the Personal Information we have about you is correct, so that we can check if it is correct, what we are doing with your Personal Information is illegal but you would rather we stop using your Personal Information rather than delete it, we don’t need your Personal Information anymore, but you need us to keep it so that you can exercise any legal rights, or you have asked us to review and explain our legitimate interests to you, so that we can check whether we actually have a valid legitimate interest to do what we are doing.

If you wish to exercise any of these rights, please submit your request in writing to us using the contact details provided in the “Contact Us” section. We will consider and act upon any request in accordance with applicable data protection laws. Please be aware that, to safeguard Personal Data, we may need to verify your identity using a method appropriate for the type of request you are making. If you are resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. Find their contact details here.

Go back to Table of contents

Notice of Residents of Certain States of United States

This section supplements the information contained in this Privacy Notice and applies solely to residents of U.S. states with comprehensive privacy legislation, including California, Colorado, Connecticut, Utah, and Virginia (“Consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) as amended by the California Privacy Rights Act of 2020 (CPRA) and other applicable state privacy laws. At or before the point of collection, we will inform you of the categories of Personal Information to be collected, the purposes for which they will be used, whether the information will be sold or shared, and how long we intend to retain each category of Personal Information.

Your Privacy Rights

Subject to certain legal limitations, you have the following rights regarding your Personal Information:

  • Right to Know and Access: You have the right to request that we disclose the categories and specific pieces of Personal Information we have collected about you, the sources of that information, the business purposes for collecting it, and the categories of third parties with whom we disclose it.
  • Right to Deletion: You have the right to request the deletion of your Personal Information that we have collected, subject to certain exceptions . For instance, we may need to retain your information to complete a transaction, comply with a legal obligation, or for other internal and lawful purposes.
  • Right to Correction: You have the right to request the correction of inaccurate Personal Information that we maintain about you.
  • Right to Data Portability: You have the right to receive a copy of your Personal Information in a portable and, to the extent technically feasible, readily usable format.
  • Right to Opt-Out of Targeted Advertising: While we do not “sell” your Personal Information, you have the right to opt-out of the processing of your data for purposes of targeted advertising. You may exercise this right by contacting the Privacy Office .
  • Right to Opt-Out of Profiling: You have the right to opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects. We do not currently engage in such automated decision-making or profiling .
  • Right to Limit Use of Sensitive Personal Information (California Residents): You have the right to limit our use and disclosure of your Sensitive Personal Information. As stated, we will obtain your consent before collecting and processing such data.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

How to Exercise Your Rights and Appeal

To exercise the rights described above, please submit a verifiable consumer request to us by contacting the Privacy Office via mail or email as detailed in the “Contact Us” section.

We will verify your request by asking you to provide information that matches our records. Only you, or a person legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information.

If we deny your request, you may have the right to appeal our decision. To appeal, please contact the Privacy Office with the subject line “Rights Request Appeal.” We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.

Categories of Personal Information Collected, Used, and Disclosed

We have collected the following categories of Personal Information from you within the last twelve (12) months. This table uses categories defined by the CCPA but is intended to provide disclosure for residents of all applicable states.

CategoryDescriptionThird Party that may recieve
Personal IdentifiersPersonal unique identifiers, such as full name and federal or state issued identification numbers and Social Security Number
  • Organizations required for providing products and services
  • Government agencies
  • Organizations required for employment or HR services
  • Organizations required for external reporting
Personal InformationPersonal Information, including contact details such as telephone number and address, financial information such as account number and balance, as well as medical and health insurance information
  • Organizations required for providing products and services
  • Government agencies
  • Organizations required for employment or HR services
  • Organizations required for external reporting
Purchase InformationPurchase information, such as products and services obtained and transaction histories
  • Organizations required for providing products and services
  • Government agencies
  • Organizations required for employment or HR services
  • Organizations required for external reporting
Internet or Online InformationInternet or online information such as browsing history, and information regarding interaction with our websites, applications, or advertisements
  • Organizations required for providing products and services
  • Government agencies
  • Organizations required for employment or HR services
  • Organizations required for external reporting
Geolocation DataGeolocation data, such as device location
  • Organizations required for providing products and services
  • Government agencies
  • Organizations required for employment or HR services
  • Organizations required for external reporting
Audio and Visual InformationAudio, electronic, visual, thermal, olfactory, or similar information, such as call and video recordings
  • Organizations required for providing products and services
  • Government agencies
  • Organizations required for employment or HR services
  • Organizations required for external reporting
Employment InformationProfessional or employment-related information, such as work history and prior employer
  • Organizations required for providing products and services
  • Government agencies
  • Organizations required for employment or HR services
  • Organizations required for external reporting
Education InformationEducation information, such as school and related information; and
  • Organizations required for providing products and services
  • Government agencies
  • Organizations required for employment or HR services
  • Organizations required for external reporting
InferencesInferences based on information about an individual to create a summary about, for example, an individual’s preferences and characteristics
  • Organizations required for providing products and services
  • Government agencies
  • Organizations required for employment or HR services
  • Organizations required for external reporting

California’s “Shine the Light” Law

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please contact the Privacy Office. As stated, we do not sell or rent personal information to third parties for their marketing purposes.

Key Changes

July 30, 2025

  • We provided more detail on where we collect data from, clarified how we handle international data transfers, and introduced new sections on legal bases for processing.
  • We updated our disclosures for U.S. state privacy laws, added explanations for concepts like automated decision-making, targeted advertising, and sensitive data, and included California’s “Shine the Light” law.
  • We also clarified that we treat de-identified customer data with the same level of protection as identifiable personal information and reorganized the structure of the notice for better global alignment.

January 20, 2025

  • We expanded the Definitions section, included call data as a new category of personal information, updated U.S. state privacy disclosures (such as under the CCPA/CPRA)

April 25, 2023

We restructured the notice to improve clarity and usability. This included

  • Extracted the Cookies Policy into a separate, more detailed format
  • Clarified the purposes for collecting and using personal data
  • Included lawful bases for processing under EU and UK data protection laws.

January 20, 2021

  • We conducted a comprehensive update of our privacy practices and published a new Privacy Notice to reflect our commitment to transparency, regulatory compliance, and responsible data use. This foundational version established how we collect, use, share, and protect personal information across our products and services.

  • We improved the structure and readability of our Privacy Notice by using clear, accessible language to explain how we handle personal information. The page has also been reformatted with interactive links to help you quickly navigate to the topics that matter most to you.

Go back to Table of contents