This Privacy Notice (“Privacy Notice”) is effective starting January 25, 2021.
ClearedIn Inc. and its subsidiary companies and affiliates (“ClearedIn,” “we,” “our” or “us”), are committed to maintaining the privacy and security of your personal data.
Our authorized collection and use of personal data is guided by our mission to provide you with trusted solutions that protect the security and privacy of personal data.
This Privacy Notice describes how we collect, use, process, transfer, store and/or disclose (collectively “Process”) your personal data and intend to respect your privacy rights. This Privacy Notice describes ClearedIn’s practices with respect to the Processing of your personal data.
This Privacy Notice explains how our website, products, technologies, and staff use your personal data. It applies to our Processing of your personal data when you visit our websites, register to attend an event hosted by us, engage or register with our social media channels, use our products or services, whether online or offline or provided by our personnel (collectively referred to as “Solutions”).
If you have any questions regarding this ClearedIn Privacy Notice, contact us at privacyoffice@ClearedIn.com.
Fair and Lawful basis. ClearedIn will only Process personal data when we have a fair and lawful basis for such activity, including any of the following:
the Processing is necessary to further our legitimate interests, which may include the improvement of our Solutions, securing our systems, enforcing our rights and to protect against fraud
Delivery of Solutions and Product Improvement
Marketing, Events, and Promotions
Improving Internal Operations
Fraud Prevention, Security, Standards and Compliance
In connection with access and use of our Products.
As part of accessing and/or using our Solutions we collect information that is necessary to deliver functionality of our Solutions (including to perform services, manage licenses, communicate with customers and to deliver, improve and develop ClearedIn Solutions).
ClearedIn solutions are designed to analyze communications and collaborations across your digital channels (specifically the user accounts you request to be monitored by the relevant Solution licensed and the content of such communications and collaborations) in order to create reputational scores for users and domains and to discover patterns in communications and relationship strengths, which patterns and relationship strengths can be used for many lawful and beneficial purposes including accessing the security, employee well-being, and company health for its digital channels. The Solutions are designed to attempt to detect and analyze, potential anomalies, attacks, Phishing, pharming, vishing, fraud, credential theft, ransomware, intrusions or bombing, viruses, malware, data leakage, account takeovers or other such malicious activity, code, or transmissions. More specifically, the ClearedIn Solutions may be configured by you to allow scanning/inspection of specific user accounts, headers, and message contents (including attached files) to perform these functions. The relevant digital channels may include, as applicable and relevant to the purchase, email, file sharing, messaging, or any other accounts integrated with Solution.
In connection with our Professional Services.
When providing professional services, ClearedIn may collect personal data from you, users of your networks and systems, and systems that connect to our clients' networks and systems. The collection and use of this personal data are limited to providing the professional service to the client. From time to time, authorized ClearedIn personnel will access personal data and we may transfer personal data to third-party service providers to help us provide these services.
Aggregated Threat Analytics Collected, Analyzed and Maintained.
“Aggregated Threat Analytics” means intelligence, aggregated patterns, machine learning, aggregated statistical information and data that allow our Solution(s) to better detect and/or analyze, potential anomalies, attacks, Phishing, pharming, vishing, fraud, credential theft, ransomware, intrusions or bombing, viruses, malware, data leakage, account takeovers or other such malicious activity, code, or transmissions and that may be learned or otherwise derived or obtained by Solution as part of the normal functionality of the Solution, including any information or data derived from your data which may be shared anonymously without reference to you or your users; This includes information, data, patterns, intelligence which is derived from the community of users of the Solution which may be used to enhance the Solution’s capabilities and enable the Solution to better detect and analyze, as relevant, potential anomalies, attacks, Phishing, pharming, vishing, fraud, credential theft, ransomware, intrusions or bombing, viruses, malware, data leakage, account takeovers or other such malicious activity, code, or transmissions. ClearedIn (and its successors and assigns) may derive, collect, use, analyze, commercially exploit, and share Aggregated Threat Analytics for any legitimate business purposes and in compliance with applicable law during and after the term of your agreement with ClearedIn even if derived from your user accounts or systems.
ClearedIn (and its successors and assigns) shall own and shall not be prevented from exploitation of Aggregated Threat Analytics in any way that is not prohibited by applicable law, including to improve and provide ClearedIn’ offerings and to disclose Aggregated Threat Analytics to other customers in an effort to prevent further threats. For clarity, to the extent Aggregated Threat Analytics are derived from your data, such information or data shall never be shared with any other ClearedIn customers in any manner that would be associated with, identify, or be tied to you or your accounts.
When visiting our Websites
With your consent, when you visit our websites, we collect and aggregate information related to your use of our websites. We (and/or our content management service providers) may measure performance and functionality of our websites and collect certain relevant information about your use of our websites when you visit or return to our sites. This information helps our websites work correctly, provide information about our products and services, and supports our efforts to understand our customers’ interests.
We may collect the following types of information from you when you visit our websites:
Social media features: Our websites may allow you to share information on your social media platform of choice, such as Facebook, Twitter, and LinkedIn. These features are generally recognizable by their third-party logo and may collect your IP address, the page you are visiting on our site, and set a cookie to enable the feature to work properly when you use this functionality.
You may not consent and opt-out of cookies.
When Requesting Information about our Company or Solutions or Registering for an Event or a demo of our Solution(s)
You may sign up to receive information about our company, our Solutions, industry news and information, access our portal, request and participate in a demo, and register to attend an event.
Based on your consent, we (and/or our service providers) may send you electronic communications to keep you informed of changes to our Company or Solutions or other information.
Your personal data will be collected and accessed by authorized ClearedIn personnel (and/or its service providers) to deliver the requested information, the requested demo, and/or market to you in compliance with this Privacy Notice.
We may use third party service providers (such as content management services) to collect your information and we may provide your personal data to third-party service providers to help us deliver the information or access to products that you requested, support event activities, or provide updates about ClearedIn Solutions. Third-party service providers are not permitted to use your information for any other purposes and are required to adhere to personal data protection laws.
The personal data we may collect to deliver the information or product demos you requested, or register you for an event, may include your name, job title, company name, email address, phone number, country, and recent web activity.
You can update your information, review your communication preferences, or stop receiving further communications from us by following the instructions contained within each communication we send you.
If you are registering for an event that is co-sponsored by another organization, you will be informed at the time of registration what data will be shared with that organization.
Your Information Collected directly From You
If you provide personal data to ClearedIn (or ClearedIn service providers collecting data on behalf of ClearedIn), then you are consenting to ClearedIn to Process your personal data for ClearedIn’s identified purposes stated in this Privacy Notice.
Information Shared by Third Party Services which are integrated with the Solution
ClearedIn Solutions interoperate with certain third party communication and collaboration digital channels. As part of these integrations, and with your permission, such third party communication and collaboration services will share certain information and content with the ClearedIn Solution (including user account information, communication and collaboration content and files) so that the ClearedIn Solution can provide the functionality contemplated, including to analyze communications and collaborations across your digital channels in order to create reputational scores for users and domains and to discover patterns in communications and relationship strengths, in an attempt to detect and analyze, potential anomalies, attacks, Phishing, pharming, vishing, fraud, credential theft, ransomware, intrusions or bombing, viruses, malware, data leakage, account takeovers or other such malicious activity, code, or transmissions. More specifically, the ClearedIn Solutions may be configured by you to allow access to and scanning/inspection of specific user account information (e.g. headers, and message contents, files, etc.) The relevant third party communication and collaboration digital channels may include, as applicable and relevant to your purchase, email, file sharing, messaging, or any other similar accounts which are integrated with Solution that you request us to monitor.
You should review the privacy notices/policies and any agreements with such third-parties service providers to understand how your personal data will be Processed and shared by those entities, as ClearedIn is not responsible for your dealings with any third-parties providers. ClearedIn does not directly control how such third-parties Process or share the personal data they collect and share.
Threat Intelligence Feeds.
ClearedIn may obtain or purchase certain personal information from service providers that collect threat intelligence. Such information can be used to attempt to detect and analyze, potential anomalies, attacks, Phishing, pharming, vishing, fraud, credential theft, ransomware, intrusions or bombing, viruses, malware, data leakage, account takeovers or other such malicious activity, code, or transmissions
Information You might provide about other Data Subjects
All personal data about another person provided to ClearedIn is subject to this Privacy Notice. If you (person or entity) provide ClearedIn with personal data about another person (including employees or contractors or otherwise), you are responsible for, and agree to, ensuring that you have (or will obtain) that individual’s consent to do so or that you have or will issue appropriate notices to any data subjects as is necessary for ClearedIn to Process personal data as contemplated by this Privacy Notice.
Information Received Indirectly from Third Parties
As part of our marketing activities, we may receive or purchase additional information from third-party service providers to use for marketing purposes or to otherwise supplement the information you provided directly to us, so we can provide more relevant information about our company and/or our Solutions to you. The information we receive is public information related to the organization or business you work for, such the size of your company, industry, and business mailing address.
Information Received in Connection with Use of Third-Party Cookies
Other ClearedIn Entities, ClearedIn Personnel, ClearedIn Service Providers.
We do not sell, lease, or trade the personal data we collect from you. We may transfer your personal data to other ClearedIn entities for the purposes outlined in this Privacy Notice. We may provide access or transfer your personal data to authorized ClearedIn personnel, and third-party service providers, including service providers and processors as defined under the California Consumer Privacy Act and the EU General Data Protection Regulation, respectively. This includes third-party service providers who help us market, provide support, deliver, maintain or service our Solutions, or otherwise support our business operations.
The personal data shared with ClearedIn entities may include: your contact information, such as your name, e-mail address, account information, telephone number, mailing address, country/region, company name, and job title, along with your recent interactions with our business applications, and event attendance.
ClearedIn may use third-party service providers, such as advertising networks, to deliver targeted advertisements using aggregated personal data that is derived from profile data Processed by ClearedIn and provide such third-parties with general statistics relating to the advertisements delivered. ClearedIn requires our third-party service providers to take commercially reasonable steps to safeguard your personal data, comply with applicable laws and regulations, and to not use your personal data for other purposes unless you have provided consent, or an alternative lawful basis exists to do so.
Compliance with Applicable Laws or Authorities.
Because ClearedIn must comply with applicable laws including local legislation, regulations and the orders of courts or other lawful authorities, other lawful requests, or official legal processes, we may sometimes be required to disclose your personal data to government agencies and law enforcement officials when it is necessary to respond to subpoenas, court orders, other legal process or as required by law or to prevent or take action regarding suspected illegal activities, fraud or software piracy, and situations involving potential threats to the physical safety of any person, or in cases where we believe our intellectual property rights may be violated.
We may also provide access to, assign, or disclose your personal data, in connection with a corporate transaction, such as a merger, acquisition, or purchase all or a portion of our company assets.
Information Sharing to Support Third-Party Offerings or Integrations
ClearedIn uses contractual or other means to provide a comparable level of protection while the personal data is being Processed by our service providers. It is ClearedIn’s policy to enter into confidentiality obligations or employ other lawful data transfer mechanisms with any third-party that obtains confidential information including personal data from ClearedIn to ensure it is adequately protected.
ClearedIn does not own or operate all of the applications or services that you download and use on your systems, computers or devices or that integrate with or are compatible for use with our Solutions. You should review the privacy notices/policies and any agreements with such third-parties to understand how your personal data will be Processed by those entities, as ClearedIn is not responsible for your dealings with any third-parties or the use of any Third-Party Offering. ClearedIn does not directly control how such third-parties Process the personal data they collect in connection with the Third-Party Offerings you use.
ClearedIn is committed to ensuring continuity of adequate protection and lawful Processing of personal data regardless of the jurisdiction. ClearedIn may transfer your personal data outside of your country to a subsidiary, a third-party service provider, or business partner to operate our business and to fulfill the purposes described in this Privacy Notice. By using our websites or providing any personal data to us, where applicable law permits and unless otherwise specified in a separate specific notice, you consent to the transfer, Processing, and storage of such information outside of your country of residence where data protection standards may be different. We will always seek to localize personal data when possible. Several lawful bases exist for ClearedIn to ensure adequacy of data protection when engaging in cross border transfers.
As a Data Processor under GDPR, ClearedIn may execute with its EU customers or customers with GDPR compliance obligations (Data Controllers) Data Protection Addenda that incorporate the EU’s Standard Contractual Clauses to ensure an adequate level of protection throughout the data Processing lifecycle.
We are committed to ensuring that your personal data is secure. We take commercially reasonable measures, including industry standard physical, administrative and technical safeguards, to protect your personal data from unauthorized access, use, alteration, destruction and disclosure.
We retain your personal data for the period necessary to fulfill the purposes for which it was collected (e.g. to provide functionality of products, capture the relationship strength and anomalies, deliver services, etc.) and for a reasonable period thereafter to comply with our standard backup/disaster recovery practices, legal obligations, and contractual and business operational requirements. When personal data is no longer necessary or relevant for ClearedIn’s identified purposes, or required by applicable laws, ClearedIn will take steps to have it deleted, destroyed, erased, aggregated or made anonymous.
With relation to personal data derived from the user accounts monitored by our Solutions or in connection with delivery of our Solutions, we may retain information collected from your user accounts during the term of the agreement and for up to one hundred and twenty (120) days after termination of the Agreement, unless a shorter or longer period of time is mutually agreed with you.
For clarity, any non-personal data and Aggregated Threat Analytics (defined herein) may be retained indefinitely for the purpose of improving the performance of our products and services.
Consistent with good business practice, ClearedIn continues to evolve our controls, schedules and practices for information and records retention and destruction which apply to your personal data. Updates shall be outlined in our updated Privacy Notice.
You can manage how cookies are set by using the cookie consent tool on our websites or by adjusting how your device handles cookies by changing its privacy and security settings, but it may limit your use of certain features on our website. If you do not want to have this information used to serve targeted advertising, you may opt-out
Our Use of analytics services
ClearedIn may use services from third-party service providers to collect and analyze data from users about their use of our websites and Solutions. We use this information to improve the quality and functionality of the services we provide, and to develop features that serve you or other users.
The types of information that we collect include the date and time a user accesses our website, products or services, the IP address the request came from, the features they use, and their frequency of use.
Managing your tracking technologies preferences
You can manage how cookies are set by using the cookie consent tool on our websites or by adjusting how your device handles cookies by changing its privacy and security settings, but it may limit your use of certain features on our website.
If you do not want to have this information used to serve targeted advertising, you may opt-out.
Do Not Track (DNT)
We do not have technology or practices that will change our collection or use practices in response to Do Not Track signals.
ClearedIn may communicate information, surveys, marketing materials, advertisements or customized content which has been personalized to try to make it more relevant to you as part of your existing business relationship with ClearedIn. ClearedIn may ask you from time to time if you would like to receive additional announcements, news, offers or event invitations regarding ClearedIn and ClearedIn Solutions. You may also choose to provide ClearedIn with personal data in response to various ClearedIn promotions. If you agree to participate in contests, surveys, giveaways, reviews, or other promotions that ClearedIn sponsors or co-sponsors, please ensure that you read the Privacy Notice that may be associated with these initiatives in order to obtain further details about how your personal data will be managed. An unsubscribe mechanism will be included with every ClearedIn marketing or commercial communication.
ClearedIn may also send you certain service-related communications. For example, ClearedIn may send a welcome email or message when you first activate a ClearedIn Solution to inform you about the Solution and terms of access and use of the Solution, to provide support services or maintenance services, to notify you about maintenance of the Solutions, to notify you of important changes, to tell you how to manage your credentials or account, to provide service infrastructure notifications or information about upgrades or updates, safety or security information, or for surveys of current or former users. Because such service-related communications are important to your use of ClearedIn Solutions, you may not opt-out of receiving these communications.
At ClearedIn we aim to provide the transparency that you may need to exercise your rights. Below you will find information on your personal data rights as well as how to make requests.
If you are a resident in the European Economic Area and covered by the GDPR, ClearedIn is the Data Controller of your personal data, except where our Solutions have been deployed within an organization, such as your workplace or business, where ClearedIn would then act as a Data Processor under the GDPR.
If you are a resident of the State of California, your rights are addressed in this notice under Your California privacy rights and ClearedIn’s practices.
Depending on the jurisdiction where you are located, you may also have rights to contact your local data protection supervisory authority to lodge a complaint against ClearedIn.
Accessing, Modifying or Deleting your Personal Data
Upon written request, ClearedIn will inform you whether it holds personal data about you and provide you with your personal data within a reasonable timeframe and at minimal or no cost in accordance with applicable laws. If you identify an inaccuracy or incompleteness in your personal data, ClearedIn will amend your information and notify any third-parties as required by applicable laws.
Upon written request, and to the extent authorized under applicable law, ClearedIn will also erase any personal data it holds about you using reasonably appropriate technical measures when:
In certain situations, and depending on applicable laws, ClearedIn may not be able to provide access to the personal data it holds about you if access may adversely affect the rights and freedoms of others. For example, ClearedIn may not provide access to personal data if doing so:
In order to safeguard your personal data from unauthorized access, ClearedIn may ask that you provide sufficient information to identify yourself prior to providing access to your personal data. Depending on the circumstances and subject to applicable laws, ClearedIn may deny processing your request if:
Withdrawing your consent
At any time, you may withdraw your consent for ClearedIn to Process your personal data in accordance with this Privacy Notice, subject to legal or contractual restrictions and reasonable notice. For example, although you can use ClearedIn Solutions for some purposes without providing us with any personal data, ClearedIn may need to Process personal data for some services, including those that require payment or involve an ongoing relationship such as registration or subscription services. As such, ClearedIn may continue to use your personal data as may be required to provide you with requested services, and to the extent that ClearedIn is contractually obligated to do so or as necessary to enforce any contractual obligations you may have with ClearedIn. If you refuse to provide ClearedIn with the personal data it requires or later withdraw your consent to use and disclose this information, ClearedIn may no longer be able to provide you with your ClearedIn Solutions.
You may withdraw your consent at any time by notifying the Privacy Office at ClearedIn at privacyoffice@ClearedIn.com.
Marketing or commercial communications: You may unsubscribe from receiving marketing or commercial communications about ClearedIn or ClearedIn Solutions by:
Your California Privacy Rights and ClearedIn’s Practices
If you are a California resident, California Civil Code Section 1798.83 permits you to request and obtain from us once a year, free of charge, information regarding the disclosure of your personal data by ClearedIn to third-parties for the third-parties’ direct marketing purposes. You may send an email requesting such information to privacyoffice@ClearedIn.com.
To the extent that ClearedIn Processes any personal information relating to a California-based end user of a customer, ClearedIn acts as a Service Provider as defined in the California Consumer Privacy Act (CCPA). Customers shall only disclose end user personal information to ClearedIn solely for: (i) a valid business purpose; and (ii) to permit ClearedIn to provide the ClearedIn Solutions to its customers.
ClearedIn will not (i) sell the personal information, (ii) retain, use, or disclose the personal information for a commercial purpose other than providing the ClearedIn Solutions and as described herein; and (iii) retain, use, or disclose the personal information outside of the provision of the functionality ClearedIn Solutions and Services to Customer pursuant to a written agreement and this notice.
Your GDPR rights
To the extent allowed under the GDPR, if you are an EU resident, you have the right to request details of the personal data we have about you, update inaccurate information about you, request that your personal data be deleted, restrict Processing of your personal data, data portability, and object to the collection or use of personal data that we Process based on our legitimate interests as a company. In some cases, you may be directed to make your request to the organization who licensed our software or services. If you wish to exercise these rights, please submit a request to privacyoffice@ClearedIn.com.
If you live in the European Economic Area and are dissatisfied with our use of your personal data, you have the right to lodge a complaint with your local supervisory authority. You may find contact details on ec.europa.eu.
We value your feedback. If there are any questions regarding this notice, or our collection and use of your personal data, you may contact us by email at privacyoffice@ClearedIn.com or by sending mail to one of the addresses below:
Atten: Privacy Officer
1190 Miraloma Way, Ste P,
Sunnyvale, CA 94085
Each time you access or use ClearedIn website or Solutions, the current version of this notice will apply. We reserve the right to change this Privacy Notice at any time to reflect changes in the law, the ClearedIn Solutions we provide, our business and technology, and our data collection and use practices.
ClearedIn continues to make available information to help our users better understand ClearedIn’s Processing of personal data and how to exercise choices regarding the use of your personal data through various channels including this Privacy Notice, applicable Privacy Notices and additional information that may be made available from time to time on various ClearedIn websites.
If we make any material changes, to this Privacy Notice, ClearedIn will revise the “Last Updated” date that is indicated on the Privacy Notice and any material revisions will be noted.
Your continued use of the ClearedIn products, services or website following the posting of changes to this notice will be deemed your acceptance those changes.
Last Updated: January 25, 2021