Effective: January 1, 2020
We at Captricity, Inc. dba Vidado (“Vidado”) respect your privacy concerns and value your trust in protecting your information. This Privacy Notice is meant to help you understand what kind of information we collect, how we use it, and your rights concerning the data we have collected.
This Privacy Notice applies to the processing of personal data or personal information associated with the following activities:
Our products and services allow users to convert business documents and other materials into digital data that is organized and stored within our software platform (the “Services”). Information is provided to the Services by individuals or entities that have signed up for our Services (the “Customers”). We process data provided by our Customers in accordance in accordance with our Customers’ instructions (“Customer Data”).
Your information may be provided to us as a part of the Customer Data. We do not categorize personal data submitted to our Services for processing by our Customers. The nature of our Services prevents us from being able to identify specific personal data processed by our Services, and conclusively attribute it to a specific individual without assistance from our Customers.
You may also provide us with your information directly (“Authorized User Data”) when you use our Services as a user authorized by the Customer to access and use our Services under the Customer’s agreement with us (the “Authorized Users”).
If you reside in the European Economic Area, the United Kingdom, or Switzerland (collectively, “EEA Residents”), you have additional rights with respect to your personal data, which include rights under the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
If you reside in California, USA, you have additional rights with respect to your personal information as granted by the California Consumer Privacy Act of 2018, as amended from time to time, (“CCPA”).
We are the data processor or the service provider, as defined under the GDPR and CCPA, processing personal data/person information on behalf of and in accordance with the instructions provided by our Customers who are the controller or the business of your personal data/personal information. In some limited instances, we are the controller or the business, as defined under GDPR or CCPA. This Privacy Notice does not apply to the extent we process personal data/personal information in the role of a processor or service provider on behalf of our Customers. This Privacy Notice only applies to the personal data/personal information that we process in the role of a controller or business, as defined in the GDPR and CCPA, respectively.
Personal information or personal data is data that identifies an individual or relates to an identifiable individual or a household. This includes information you provide to us, information which is collected about you automatically, and information we obtain from third parties, such as Customers.
We may have collected the following categories of data personal data from you:
|A. Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||YES|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||YES|
|C. Protected classification characteristics under California or federal law.||YES|
|D. Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES|
|E. Biometric information.||YES|
|F. Internet or other similar network activity, including, but not limited to, browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||YES|
|G. Geolocation data.||YES|
|H. Audio, electronic, visual, thermal, olfactory, or similar information||YES|
|I. Professional or employment-related information.||YES|
|J. Education information, defined as information that is not publically available personally identifiable information as defined in the Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||NO|
|K. Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||YES|
Specifically, we collect the following information from you:
We collect personal information that you provide to us directly, such as:
Similar to applications on other commercial website, our application utilizes a standard technology called “cookies” (see explanation below, “What Are Cookies?”), IP addresses and web server logs to collect information about how our Services are used. Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our website, and the websites visited just before and just after our website.
In providing our Services, as a processor, to our Customer, we may be given personal information about individuals (the “Other Data”) and Authorized User Data for processing. If you believe that a Customer may have given us your information, please contact that Customer.
A cookie is a very small text document, which often includes an anonymous unique identifier. When you visit a website, that site’s computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies. Each website can send its own cookie to your browser if your browser’s preferences allow it, but (to protect your privacy) your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other sites.
You may only opt-out of the cookies if you disable cookies in your browser and clear your browser history each time you visit the website. Please follow your browser’s documentation for instructions on how to disable cookies.
HOW YOUR PERSONAL INFORMATION IS USED
Our primary purpose in collecting personal information is to provide our Customers and their Authorized Users with a secure, efficient, and customized experience. We generally use personal information to create, develop, operate, deliver, and improve our services.
We may use the information collected by us or given to us in the following ways:
We may share your personal information may be processed with or stored on the following third-party service providers.
We may also share your personal information in the following circumstances:
ANONYMIZED AND AGGREGATED DATA
Anonymization is a data processing technique that removes or modifies personal information so that it cannot be associated with a specific individual. Except for this section, none of the other provisions of this Privacy Notice applies to anonymized or aggregated Customer or Authorized User Data.
We may use anonymized or aggregate Customer Data, Authorized User Data and Other Data for any business purpose, such as to better understand needs and behaviors of our Customers, improve our Services, conduct business intelligence and marketing, and detect security threats. We may perform our own analytics on anonymized data or enable analytics provided by third-parties.
Legal Basis For Processing Information
We rely on contract and legitimate interest for providing our Services.
We are based in the United States (the “U.S.”) and the information we collect is governed by U.S. law. If you are an EEA Resident, please see the section on GDPR below. By accessing or using our websites or otherwise providing information to us, you consent to the processing and transfer of information in and to the U.S. and other countries.
We take reasonable measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction.
We may disclose your personal information if required to do so by law or subpoena or if we believe that such action is necessary to (a) conform to the law or comply with legal process served on us or Affiliated Parties; (b) protect and defend our rights and property, the Site, the users of the Site, and/or our Affiliated Parties; (c) act under circumstances to protect the safety of users of the Site, us, or third parties.
We are not responsible for the practices employed by any other entities that may/may not link or provide access to our Services.
Please remember that this Privacy Notice is applicable only with respect to our Services. Your browsing and interaction on any other feature on a website that also offers our Services, including websites which have a link to our Services, is subject to that website’s own rules and policies. Please read over those rules and policies before proceeding.
We do not knowingly collect any personal information from children under the age of 13. We do not sell products for purchase by children and all children’s products we sell are for purchase by adults only.
If you are an EEA Resident, you have certain rights with respect to your personal data, as defined under GDPR. Please note that in some circumstances, we may not be able to fully comply with your requests, or we may ask you to provide us with additional information in connection with your request, which may be personal data, for example, if we need to verify your identity or the nature of your request. In such situations, however, we will still respond to let you know of our decision.
If we are the processor, under GDPR, you will have to contact the Customer who provided us with your information, to exercise your data subject rights under GDPR.
To make any of the following requests, contact us using the contact details referred to in the “Contacting Us” section of this notice.
Pursuant to GDPR you have the right to file a complaint with your Data Privacy Authority (DPA), or if you are in the UK, with the Information Commissioner’s Office.
Individuals wishing to find out more about the Data Protection Officer’s and locate the appropriate office, please go to https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules/eu-data-protection-rules_en.
UK individuals wishing to find out more about the Information Commissioner’s Office may go to https://ico.org.uk/.
Vidado is headquartered in the United States. Information we collect from you will be processed in the U.S. The U.S. has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. Vidado relies on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, Vidado collects and transfers to the U.S. personal data only: with your consent; to perform a contract with you; or to fulfill a compelling legitimate interest of Vidado in a manner that does not outweigh your rights and freedoms. Vidado endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with Vidado and the practices described in this Privacy Notice. Vidado also enters into data processing agreements and model clauses with its vendors whenever feasible and appropriate.
The CCPA provides California residents, except for the employees, contractors, and job applicants of the business who are California residents, with specific rights regarding their personal information. This section describes the rights of California residents and explains how to exercise those rights. In this section, “you” refers only to California residents, as described above. Under the CCPA, businesses are required to give California employees, contractors, and job applicants a notice about the categories of data collected and its purpose, which we have provided in the following sections above – TYPES OF PERSONAL INFORMATION WE COLLECT AND HOW WE COLLECT PERSONAL INFORMATION, and HOW YOUR PERSONAL INFORMATION IS USED.
Please note that WE DO NOT SELL OR RENT YOUR DATA TO ANY THIRD-PARTY. If this ever changes, we will properly inform you in accordance with this Privacy Notice and the CCPA.
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm that you are verifiable consumer, we will disclose to you the following:
We do not provide these access and data portability rights for business-to-business (“B2B”) personal information.
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (“VCR”), we will delete your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
We do not provide these deletion rights for B2B personal information.
To exercise the access, data portability, and deletion rights described above, please submit a VCR to us by either:
Emailing us at firstname.lastname@example.org
All requests must contain your full and complete legal name and any alias or other names or nicknames that you use; your contact information, including mailing address, email and phone number; and the description of your request.
Only you, or someone legally authorized to act on your behalf, may make a VCR related to your personal information. You may also make a VCR on behalf of your minor child.
You may designate an authorized agent to make a request to access or a request to delete on your behalf. A response will be furnished to your authorized agent’s request if they submit proof that they are registered with the California Secretary of State to be able to act on your behalf, or submit evidence you have provided them with power of attorney pursuant to California Probate Code section 4000 to 4465. Authorized agents may not be provided with the response pertaining to the request if the authorized agents fail to submit a proof of authorization or are unable to verify their identity.
You may only make a VCR for access or data portability twice within a 12-month period.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a VCR does not require you to create an account with us.
We will only use personal information provided in a VCR to verify the requestor’s identity or authority to make the request.
We endeavor to respond to a VCR within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.
We will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the VCR’s request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your VCR.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
Under California’s “Shine the Light” law, California residents who provide personal information in obtaining products or services for personal, family, or household use are entitled to request and obtain from us once a calendar year information about the information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of such data, the names and addresses of those businesses with which we shared for the immediately prior calendar year. To request a notice, please email your request to email@example.com . Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing will be included in our response. Please also note that we do not share your personal information with any other business for that business’s marketing use.
Captricity, Inc. dba Vidado
130 Webster St, 2nd Floor
Oakland, California 94607
CHANGES TO OUR PRIVACY NOTICE
From time to time it may become necessary to update or change our Privacy Notice and we encourage you to periodically check here for the most current version. If significant changes are made, we will provide you with appropriate notice, which may include conspicuous notice on our website, or email notification.