• Your full name, contact details and business email addresses, phone number.
• Other information you provide when you communicate with us including your full name, contact details and business email addresses, phone number and the details of our communications.

We use this information for several activities, including:

• Maintaining your user account.
• Sending you service emails (e.g. service-related announcements and messages concerning your account).
• Providing consultation services and responding to queries on services.
• Sending marketing communications to business contacts about Compliance Labs Services and the software it may be interested in; to promote our business and brand.
• You’ll be asked to participate in software evaluation and other activities with Compliance Labs.
• Managing our services and the websites, including investigating any complaints and resolving customer service issues.
• Answer your queries and requests, and otherwise personalize the Compliance Labs experience.
• Dispute resolution.
• For internal analysis and research to help us measure interest in and improve what we do.
• Ensuring that no prohibited or illegal activities are planned; and
• Implementing our policies.

We use this information in practice because:

• We have legitimate business interest to:
  • Manage and market our business and brand.
  • Provide and improve our services.
  • To conduct our business.
  • Enhance the performance and user experience of our websites.
  • Monitor, investigate, and report attacks on the security of our websites.
  • Settle any concerns or disagreements that you have.
• You have given your consent to use personal data for marketing, where necessary under applicable law. To the extent we rely on your consent for the purposes above, you have the right to withdraw such consent at any time by contacting us or through the opt-out functionality included in our marketing messages to you.

Information that we automatically gather about how the Compliance Labs Websites are used

Information we collect about you:

• Information taken in our websites logs: Information concerning your equipment (such as brand and device model, screen dimensions), unique identifiers of equipment (for example, IP address, device ID), browser information (type of browser, URL, visited pages, date and time of access), traffic to and on the websites, location and other information about the device, source of access, and data about the access itself (Internet connection).
• Behavioural data (that means information pertaining to the behavior or presumed interests of an individual which is assigned to any individual and therefore can be used to create personal user profiles.
• Data taken by our cookies.

We use this information for the following purposes:

• Personalizing Compliance Labs websites experience.
• Operating Compliance Labs websites and improving the content and services we can offer.
• Statistical and trend analysis to improve user experiences and the performance of Compliance Labs websites.
• Enable you to access and use Compliance Labs websites; and.
• Dispute resolution and troubleshooting.

We use this information because:

• This is necessary for compliance with any legal or regulatory obligation.
• We have a legitimate business interest to:
  • Monitoring, investigation, and reporting of attempts to breach the security of our sites.
  • Improve performance and the user experience of our websites; and
  • Develop our product and service offerings for services.

Additional Information:

A legitimate interest always applies to the extent that, in cases where we collect and use the information for our justified interests, you are of the opinion that your interests or fundamental rights demanding protection do not stand against our justified interests. Please contact us if you would like more information on how our legitimate interests apply to your personal data.

You must be at least 18 years old to visit our websites and use our online services. In addition, our online services are not for serving those below 18.

We may also process any personal data on reasonable request by a law enforcement or regulatory authority, body or agency in defense of legal claims or otherwise in order to prevent, investigate, or take other action regarding illegal activities, situations involving potential threats to the physical safety of any person, violations of any of Compliance Labs websites terms, or suspected fraud.

Summary of discussion with Compliance Labs:

We may monitor or record calls for training, quality assurance, and research. All recordings will be treated as confidential. If you do not wish us to record your call, you will have an opportunity to opt out. Should you already have a call-in progress, let us know at the beginning of the call if you do not want the call to be recorded.

When We Disclose Personal data

Apart from the disclosures reasonably necessary for the purposes identified elsewhere above, we reserve the right to disclose personal data to all third parties as follows:

• When we have your consent or authorization to do so;
• To comply with the applicable laws, safety and property, protect rights, and respond to lawful requests from public authorities such as disclosing data in appropriate situations for national security or law enforcement purposes;
• To other third parties that work on our behalf to enable the operation of the Websites or help us with information technology systems, which include the suppliers of information technology systems we use to process information or who supply any other technical services.
• To third parties that provide services to us and need access to personal data, including but not limited to, professional advisors such as auditors, and consultants.

Personal data may also be communicated to other third-party organizations for the following purposes:

• If we sell, buy or otherwise dispose of our business or assets or in the event of a bankruptcy, other corporate reorganization, or another similar form of corporate transaction, we may transfer personal data to the party acquiring us and our respective business or assets; we will only do so, however, on the assurance that such records have been kept confidential and within the limits of government regulatory procedures.
• If Compliance labs is supporting a legal claim, our websites or personal data may be transferred as required in connection with defending such claim.
• If there is a necessity need requiring us to share your personal data or for the safety and health of Compliance Labs websites users.

Compliance Labs may also share anonymous or share information regarding you, which shall not include personal data, to develop content and services that provide and improve your Compliance Labs experience.

Data Subject Rights

We take reasonable steps to ensure that any personal data we collect concerning you is accurate, complete and up to date. You may access, review, correct and update personal data or close your account by writing to us at contact-us@compliance-labs.com.

If you are an EU resident, then you also have rights which arise as below. If you are a California resident, please see section below, for more details on your rights under the California Consumer Privacy Act.

Rights for European Union Residents: In certain circumstances you have the right to any of the following in respect of personal data. We have summarized what each of these rights mean and how you can exercise any of the rights below. You may exercise any of these rights by contacting us. Any such request should include information that enables us to verify your identity (for example your name, address, email address or other information reasonably required).

Where we receive a request from you to exercise one of these rights, then we will respond without undue delay and within the time required by applicable law. That deadline may be extended in respect of certain conditions—for example, if requests are complex or numerous.

You will not be charged for the provision of information, unless the request is obviously unfounded or excessive, in particular because of its repetitive character. We might either charge a reasonable fee for the provision of information or refuse to take action on request. Any charges would be provided before any action is taken on a request.

More information will be needed from you for identity verification before any action is taken.

Rights for California Residents:

The California law requires us to provide the residents of the state of California with some additional information about how we collect, use, and share your personal data.

In this Policy, we present in detail the specific types of personal data that we may gather from or about you. Here are the categories of personal data that we have collected:

• Identifiers, such as name and title, contact information, and the name of one’s employer.
• Internet or other similar electronic network activity, including but not limited to browsing history or usage of applications.
• Inferred information about you; and
• Other information can reasonably be associated or that identifies you.

For operational purposes, we may disclose some of the categories of personal data identified above—if such use is appropriate and necessary concerning the circumstances and the operational purpose for which the information was collected or processed.

Compliance Labs have not engaged in sale of personal data activity according to the definition of “sell” under California law and under current regulatory guidance in the past 12 months including not selling  the personal data of minors under 16 years of age.

Further, information identified in Sections “Information We Collect About You and When We Disclose Personal data” of this Policy may be shared with third parties to collect certain information about your activity—for example, with the help of using cookies, as described in the Compliance Labs Cookie Policy.

The law of the state of California may give you certain rights to you and may entitle you to request:

• The categories of personal data we have collected or disclosed about you in the past 12 months and the categories of sources of such information, the business or commercial purpose for collecting or selling your personal data, and the categories of third parties we share personal data with.
• Access and/or obtain a copy of the data that we hold about you.
• Delete some of the data that we have about you.

You have the right to be told of any financial incentives that we may give you, if any. You also have the right not to be discriminated against because you exercise any of the rights under this notice. Note that certain information may be exempt from such a request under applicable law. For example, we require some kinds of information to provide you with the Services and to comply with applicable law. If you ask us to delete certain information, you may not be able to continue to access or use the Services.

If you would like to exercise any of these rights, please contact us at contact-us@compliance-labs.com. You will need to confirm your identity before we can fulfil your request.

California Online Privacy Protection Act Notice Concerning Do Not Track Signals. “Do Not Track.” DNT is a feature offered by some browsers which, when enabled, sends a signal to websites to request that your browsing is not tracked, including by third parties like social networks, analytics companies, and ad networks. Due to the fact that there is no common understanding about how to interpret Do Not Track signals yet, we do not respond to those signals at the moment.

Right of access and/or rectification to your personal data

You have a right of access to personal data that we hold about you and to be provided with a copy of such information. In most cases you will have an opportunity to correct information held about you which is inaccurate.

Right of restriction on processing your personal data: You have the right to request that we restrict the processing of your personal data in the following situations:

• The processing is unlawful, but you want us to keep the data and just restrict its use instead of deleting it.
• Where you challenge the accuracy of your personal data, the restriction shall apply for a period enabling us to verify the accuracy of your personal data.
• We do not need the personal data for the purpose of processing anymore, but it is a must for other legal claims.
• You have objected to the processing under your right. The restriction will be in force until we carry out verification to determine whether we have compelling legitimate grounds for the continuation of the processing.

Right to delete your personal data: You have the right to request us to delete completely or partially your personal data. If you would like to object to the communication, the best option is to allow us to hold your information with a “do not contact” tag to reflect other options.

There also are exceptions under which, for example, we may decline a request for erasure due to information being necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims.

Right to object to the processing of your personal data: You can object to our processing of your information for communication-related purposes.

You may also object to processing your information if we use legitimate interests as the basis for processing. In those cases where we process personal data, we will stop processing personal data when we have determined that there are compelling legitimate grounds for processing, which may override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

Right to Data Portability: Where technically feasible, in most cases you have the right to receive all personal data provided by us in a structured, commonly used, and machine-readable format and to transmit this data to another controller of your data.

Right to file a complaint with a supervisory authority: Where you have a concern about the way in which we have handled your personal data or a concern about our privacy practices, there is also the possibility of lodging a complaint with the competent data protection authority in the habitual country of residence, place of work, or occurrence of the alleged infringement of data protection law.

Cross-border Transfers

Compliance Labs may transfer your personal data to suppliers located outside your home jurisdiction. We will ensure that any such transfer is made with all efforts reasonably possible to protect personal data and in adherence with the law in effect at the time. Compliance Labs may also disclose and transfer personal data related to persons in jurisdictions other than those covered by this Policy, where information is held on servers or databases located outside of the European Economic Area. Some of these countries may not provide an equivalent level of protection to data protection laws in the EEA.

Retention Periods

Compliance Labs will only retain your personal data for as long as we need it to fulfil the purposes for which we collected the data, depending on the legal basis for which that data was obtained, and/or whether additional legal or regulatory obligations require retention.

Simply speaking, this will mean that your personal data shall be kept for the period of our relationship and:

• the time during which tax and company statutes and regulations permit.
• for as long as it is necessary for you to be able to bring a claim against us and for us to be able to defend ourselves against any legal claims that are valid under local laws. This will generally be the length of the relationship with the addition of the length of any applicable statutory limitation period under local laws.

Choices About Your Information

Compliance Labs may collect personal data according to this Policy. If we want to use the information pertaining to you for any other purpose not already mentioned herein, we shall firstly take your written permission.

Communication: You have the option to opt out from receiving messages through the settings, by contacting contact-us@compliance-labs.com. Your email communication preferences are processed with attention to your request regardless of the opt-out; we will still send you service-related communications. We will not sell or disclose your information to third parties for their promotional or marketing purposes without your permission and where not prohibited by the law.

Security: Compliance Labs has implemented technical, administrative, and physical security measures that are designed to help safeguard your information from unauthorized access. In all cases, no method of transmission over the Internet or method of electronic storage is 100% secure, so we cannot guarantee the security of your data. You are further advised, and you agree that you shall be liable for the security of your access credentials, and you must promptly notify us of any unauthorized activity.

Reasonable steps are taken to restrict access to information to only those employees, and suppliers who need such access in order to operate, develop, improve, or deliver our Websites and services.

Cookies and related technologies

A cookie is a small text file including a unique ID sent by a web server to the browser on your computer, mobile phone or any other internet device when you visit a website. Cookies and other related technologies are used in order to make websites or applications work, or work more efficiently, and in order to provide information to the owners of the website or application. We refer to all these technologies as “cookies”.

Part of our web pages may contain electronic images known as clear gif, tags or pixels such as web beacons. These enable us to count users who have visited these pages. Web beacons collect only limited information, for example a cookie number, time and date of a page view, and a description of the page on which the web beacon is in place.

We may also use web beacons in e-mail messages or newsletters to determine whether you open such messages. We use this information to facilitate our services in an efficient way and to enhance the overall effectiveness of our online content, and services we may provide through the websites.

Flash cookies work differently than browser cookies, web browser cookie management tools will not remove flash cookies. Visit Adobe and change the settings at the Global Privacy Settings Panel to learn more about how to manage flash cookies.

Find more information on the use of cookies and other web technologies in the Compliance Labs Cookie Policy.