Cadalys Privacy Policy

This Privacy Policy outlines the privacy practices of Cadalys, Inc. ("Cadalys," "us," "we," or "our") in connection with your and your company's (in either case, "you" or "your") access to or use of our website at Cadalys.com (the "Website") and the software applications and related services we provided, whether online or off (collectively, the "Services"). By accessing or using the Website and/or Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

What does this Privacy Policy cover?

This Privacy Policy outlines how we collect, use, and disclose information of users, both through the Website and through the Services. online and offline.

Unless otherwise expressly stated, this Privacy Policy does not apply to any third-party practices, websites, or services, whether or not referenced in our Website and Services. Each third party will have its own privacy practices and policies, which you should review before using them. For example, if you subscribe to Cadalys Services that are integrated with a 3 rd party platform, that 3 rd party platform's privacy practices and policies will also apply. 

How do we collect and use information?

Generally, we collect information from you on both the Website and the Services, including as follows:

On the Website: We collect information from you via the Website when you provide it to us, such as by filling out a form on the Website, submitting communications through the Website, through mobile and desktop applications you download from the Website (which provide dedicated non-browser-based interaction between you and the Website), and when you interact with our advertising and applications on third-party websites and services.  

Like many companies, we also collect internet and device information, such as from cookies and other automated technologies, when you visit and browse our Website.

Through the Services:   We collect information from or about you and other persons via the Services. We collect information from customers and prospective customers of the Services, as well as their employees with whom we communicate (collectively for a particular organization, a "Client"), when the Client provides such information to us, such as through email communications, contracts, support tickets, and in the process of setting up the Client's account for the Services.   Through the technological components of the Services, we also automatically collect information about Clients' interactions with the Services. Finally, we collect personal informationincluding, at times, personal health information ("PHI") or other Sensitive Information as discussed below-when Clients input, upload or transfer such data into or via the Services.   Indeed, one of the primary functions of the Services is to assist Clients in keeping track of personal information and other data regarding their own customers and contacts.

Combination: We may combine information collected via the Website, Services, or offline and in-person collection points.  

Purposes: We collect all of this information for our business purposes, namely, to provide and improve our Website and Services. The primary business purpose is to enable us to provide the Services.   Other business purpose include compliance with applicable laws, such as responding to legal requests, enforcing this Privacy Policy and our other contractual rights.   We may also use information for short-term, transient use for an interaction with you and to personalize your experience and communications. We use information for security purposes and to protect against harmful activity. We may use information for debugging for functionality, auditing interactions, and internal research. Moreover, we may use information as otherwise instructed by you and with your consent.

In addition, we collect information for commercial purposes, meaning to market our goods and services. For example, we collect device and other data to better target advertisements and other content in an effort to create a more personally relevant experience.

Use:

We use information for the same reasons that we collect it. For example, we use information for business purposes, such providing the Services.   We also use information for the reasons that we disclose it, as outlined below.

More specifically, we collect the following information for the referenced purposes.

Category	Examples of Data Collected	Collection Point	Purpose for Collection and Use
Identifiers	Contact Information , such as name, address, and email address. Account Information , such as account name and number and username, whether for the Services or an integrated third-party application or platform, such as Salesforce.	We collect this information when you provide it, such as when you fill out a form on our Website or create an account through the Services. We may also collect data from third parties where related to the Website and Services, such as email addresses for potential Clients.	We collect and use data for all business purposes, such as providing and improving our Website and Services, responding to communications, and for security and auditing purposes. We may also collect and use your contact information to market our offerings to you, such as through emails.
Commercial Data	Transactions , such as Services purchased or considered, or purchasing tendencies. Financial, such as name, signature, identifiers, bank account number, credit or debit card number. Inferences , such as creating a profile relating to Client preferences and trends.	We collect this information when you provide it, such as when you complete a form on our Website or enter into a contract with us for the Services. We may also collect information from third parties to help with responding to your requests, processing transactions, and improving Services.	We collect and use data for all business purposes, such as providing and improving our Website and Services, responding to communications, and for security and auditing purposes. We may also use inference information to market offerings of interest to you and enhance Services provided.
Personal Background	Protected Class, such as r ace, religion, national origin, disability, marital status,   sex, age, or sexual orientation. Associations, such as religious beliefs or union membership. PHI, such as medical records or health insurance information.	We collect this information when you or a Client provide it, such as when you fill out a survey or otherwise communicate this information to us or when a Client uploads such information to the Services. We may also collect data like age and sex when you sign up or log in through a third party like Salesforce or Microsoft.	We collect and use data for all business purposes, such as providing and improving our Website and Services, responding to communications, and for security and auditing purposes.
Device Data	Internet and Network Data , such as browsing history, search history, and information regarding a consumers interaction with an internet website, application, or advertisement. See below for more information about cookies and other tracking technologies. Geolocation , such as general location from an IP address or precise geolocation.	We collect this data through cookies and other automated technologies. For example, like many companies, we automatically gather information about your device, such as your IP address, browser type, and operating system. For more information on these practices, see below. We may also collect data when you sign up or log in through a third party like Salesforce or Microsoft.	We collect and use data for all business purposes, such as providing and improving our Website and Services and for security and auditing purposes. We may use geolocation data to provide increased functionality of the Website and Services.
Sensitive Data	In addition to categories described above, we may collect the following: Account Access , such as an account log-in or financial data in combination with a passcode or other credentials. Contents of Messages , such as email or text messages where we are not a recipient. PHI, such as medical records or health insurance information.	We collect sensitive information when you or a Client provide or authorize it, such as through use of our Services. For more information on these practices, see below.	We collect and use data for the business purposes outlined, such as to identify you and your account and for security purposes.
Other Personalized Data	Employment, such as professional or employment history. Education, such as educational history. Other Information , such as communications to us or responses to surveys or promotional offers.	We may collect this information if you provide it, such as if you apply for a job, send us a message, or participate in a survey or offer.	We collect and use data for business purposes, such as reviewing job applications and providing and improving the Website and Services.
Other Non-Personalized Data	Public information Aggregate information De-identified data Pseudonymized data	We may collect this information at any time, from public, Client, third party, and other sources. For example, we may share a public review that you posted about us or use aggregate data for our analytics.	We may collect and use this data for any business or commercial purposes. The information will either be public data or not identify individual users.

When do we disclose information?

As part of our business, we disclose information as follows and for the outlined purposes, which include business purposes to provide and improve the Website and Services and comply with legal and contractual obligations, as well as commercial purposes, such as to market our business.

• Associated Clients. We share your information as applicable to provide the Services to the Client to which your information relates. For example, if a Client inputs personal information to the Services, we may process or share such information for that client only. We do not share information obtained from or in relation to one Client with another Client without express authorization to do so.    
• Integrated Third-Party Solutions. We may share information with third parties at the direction of you or Clients.  For example, if the Services we provide to a particular Client are integrated with that Client's instance of Salesforce, we may share information provided by said Client with Salesforce as part of our provision of the Services.
• Company Parties; Merger or Sale. We may share information with affiliated companies that are related to us under a common ownership where they comply with this Privacy Policy. Such disclosure is for our business purposes, including to provide and improve our offers. Further, we may share information as part of a sale, merger, acquisition, or other change in control or entity status, either in whole or in part. We reserve the right to transfer or assign your information as part of any such transaction or investigation.
• Service Providers and Contractors. We share information with service providers that allows us to provide and improve the Website and Services. Service providers only use your information for a contracted-business purpose. Such disclosure is for our business purposes, in particular to provide you with the Website and Services. We may likewise share information with "contractors" that are not service providers but to whom we disclose information for a business purpose. Such disclosure is for the business purpose of providing you with Services that you have requested or considered.
• Cookies/Device Data. For more information about our use of cookies and other technologies, see further below. Such disclosure is for our business purposes, in particular to provide the Website and Services, as well as commercial purposes, such as to market to Clients that may be interested in our the Website and Services or related offers. We may also contract with third-party advertising companies to serve ads on our behalf. These companies may use cookies or other measures to collect non-identifier information.
• Legal Process and Protection. We may disclose information as necessary to comply with our legal obligations, such as to respond to government requests, law enforcement inquiries, legal processes, subpoenas, and court orders. We may disclose information when we believe it is necessary to investigate, prevent, or respond to illegal, fraudulent, or injurious actions or security incidents that may cause harm to us, the Website and Services, or others. We may also disclose information in good faith where necessary to investigate or enforce a violation of this Privacy Policy, our terms, or any legal rights.
• Consent. We may disclose information as requested or consented to by you. Such disclosure may be for any business or commercial purpose as described to you.

How do we use cookies and similar technologies on the Website?

As with many companies, we may use cookies, pixels, gifs, web beacons, log files, and/or similar technologies to automatically collect certain information when you use the Website or interact with our digital media content. This allows us to track individual users, determine when content is accessed, and customize user experiences. For example, unless you have opted out of cookies or changed your cookie settings in your internet browser, your browser automatically sends us certain device, browser, internet connection, and general geolocation information and certain internet activity information. For instance, we may collect your mobile device identifier or MAC address, ISP carrier information, date and time you access the Website and Services, the pages you visit, and whether you click on ads. You can change your cookie settings in your internet browser and use settings on your device to manage your privacy controls. For more information and ways to opt out, see https://www.allaboutcookies.org/ , and learn how to disable these tools by opting-out of   third-party cookies  and   mobile device ID practices .  

In particular, we may use Google cookies and tools, such as Google Analytics and in certain cases Google Maps, for analytics and advertising and to improve the user experience, and your information may be shared with Google; for more information, visit the Google Cookie Policy , Google Analytics Opt-Out Browser Add-On , or Ads Settings . We may also use Meta and other cookies for the purposes stated above, and your information from cookies may be shared with Meta; for more information visit the Meta/Facebook Cookie Policy .

Please note that there are different types of cookies and related technologies, which may be placed by us or third parties, including essential cookies that are required to display and provide the Website; preference cookies that are used to store preferences and improve user experiences; analytics cookies to determine how the Website is used and that often collect non-personalized information; and marketing cookies to deliver personalized and targeted advertisements that may be of interest to you and others, and which are used for business purposes for advertising to those that visit the Website and Services, and commercial purposes for marketing to others.

Do we sell or share information?

No, we do not sell personal information.

How do we protect and transfer information?

Consistent with others in our industry, we take efforts to employ technical, administrative, and physical security measures for personal information, taking into account reasonable security procedures and accessible technology. If you purchase Services from us, our Services agreement may set forth additional security measures specific to your Services.

However, no system can be completely secure; and we cannot promise, and you should not expect, that your personal information will always remain secure. Your provision of personal information is at your own risk. The safety and security of your information also depends on you. Take steps to safeguard your passwords and other data and notify us as soon as possible if you believe your account security has been breached.

If you are visiting the Website from a location outside of the United States, your connection will be through and to servers located in the United States, and all information you provide will be processed and securely maintained in our web servers and internal systems located within the United States. By using the Website, you authorize and specifically consent to the transfer of personal data to the United States and its storage and use as specified in this Privacy Policy.

Information collected from you when you use the Website (for example, information you submit on a Website form or your IP address) is processed and securely maintained on servers in the United States.   By using the Website, you specifically consent to the transfer of personal data to the United Sates.

Regarding the Services, the location where your client data and other information is stored is dependent on the location of the servers and systems containing your instance of the Services, and the security protocols set forth in your agreement for the Services shall apply. The location of these servers and systems may also vary depending on the Service that you sign up for.   By using the Services, you authorize and specifically consent to the transfer of personal data to the assigned hosting location for your instance of the Services and its storage and use as specified in this Privacy Policy.   Contact us at support@cadalys.com for more details on how we store information by Service.

 

How long do we retain information?

We retain personal information for the length of time necessary to fulfill the purposes outlined in this Privacy Policy, unless a different retention period is requested by you or required or permitted by law. For example, we will retain your personal information for as long as it is needed to provide you with the Website and Services or fulfill a legal or contractual obligation. We may also aggregate, deidentify, or anonymize personal information as applicable for use in analytics, such as to analyze trends over periods of time without specifically identifying you.

We use the following criteria to determine how long we retain personal information: (a) our relationship with you, such as if there is an open contract or account or a pending transaction or request; (b) legal obligations to retain personal information for certain purposes, such as to maintain transaction records; and (c) other obligations or considerations relating to the retention of data, such as contract requirements, litigation holds, investigations, or statutes of limitation.  

What are your privacy rights?

We value consumer privacy rights and strive to provide flexibility with how your personal data is used and shared. If you want to make a privacy request or have any questions, please contact us through our Contact Form or email support@cadalys.com with your name and email address or other identifier used in connection with our the Website and Services so that we can verify your request. If an authorized agent is making a request on your behalf, the agent should provide its name and contact information, such as an email address, in addition to your information. There may be situations where we cannot grant your request; for example, if you make a request and we cannot verify your identity, or if you request deletion of data that we have a legal obligation to keep. Where we deny your request in whole or in part, we will take steps to inform you of the denial and provide an explanation of our actions and the reasons for the denial.

Applicable privacy laws have different requirements and depend on various factors, such as where you live and how much revenue or data is at issue. Generally, we adhere to the following set of privacy rights to the extent applicable to you (e.g., if you are a company, rather than an individual, these rights may not apply) and subject to any limitations authorized by law.

• Access. You can access and obtain your data and ask us for certain information, including: the categories of personal information collected and used; the categories of the sources of data; the business or commercial purposes for collecting, selling, or sharing data; the categories of third parties to whom data is disclosed; and the specific pieces of personal information collected. You also have a similar right to data portability (the ability to export, back up, and transfer data).
• Amend. You can amend, correct, or rectify your data if it is inaccurate.
• Delete. You can have your data deleted subject to certain legal limitations.
• Limit. You can limit the processing of your data, in particular any sensitive data, and limit use of automated decision making, such as profiling. Please see our Limit the Use of My Sensitive Personal Information link here:  https://cadalysinternal.my.site.com/help/s/email-opt-out. We will also respond to recognized global opt-out preference signals where we can verify the request. For more information, see below.
• Opt-Out. You have the right to opt-out of certain data practices. For example, you can unsubscribe from marketing communications by following the opt-out instructions in each message or by contacting us as outlined in this Privacy Policy (please note that we may still send non-marketing messages, and that consent to receiving marketing communications is not mandatory to use the Website and Services).
• Complaints. You have the right to make certain complaints, including for privacy concerns. We value your feedback and seek the opportunity to work with you on any issues. You have the right to no discrimination for asserting your privacy rights.
• Specific State Laws. Several states have enacted privacy laws that may apply to you, depending on the circumstances. For example, the California Consumer Privacy Act ("CCPA"), updated by the California Privacy Rights Act ("CPRA"), governs certain California-related conduct. Under California's "Shine the Light" law, California residents may also request certain information regarding Company sharing personal information with third parties for their direct marketing purposes. Further, if you are a California resident under the age of 18, California Business & Professions Code Section 22581 permits you to request and obtain removal of content you have publicly posted. Please note that such a request does not ensure complete or comprehensive removal of public content.
• European Laws. Generally, residents of the European Economic Area ("EEA") have the right to access your own information that we hold; to ask that your information be corrected, updated, or erased; and the right to object to, or request that we restrict, certain processing of your information. Our legal basis for collecting and using your personal data is your consent, the fulfillment of our obligations pursuant to the contract created between you and Company, or where the collection and use is in our legitimate interests and does not violate your data protection interests or fundamental rights. You may withdraw your consent to our collection and use of your personal data. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your information used in reliance on lawful processing grounds other than consent.
• Other Laws. If certain other privacy laws apply to you that provide you with additional rights, please contact us to make a request, as we strive to comply with all privacy rights.

Do we collect information about children?

No, we do not knowingly collect any personal information about children under the age of 13. If we obtain actual knowledge that we have collected such information, we will delete it from our database. We have no such information to use or to disclose to third parties or to otherwise report, including under the Children's Online Privacy Protection Act ("COPPA"). We do not have actual knowledge of selling or sharing the personal information of consumers under the age of 16.

How do we use or disclose sensitive information?

We do not generally use or disclose "sensitive" personal information, nor do we use sensitive information for purposes other than those specified in the CPRA, which provides for the following uses without additional disclosures where the information is reasonably necessary and proportionate to the use: (a) to perform certain services, such as verifying information or for analytics; (b) to verify or maintain the quality or safety of our the Website and Services; (c) to perform services or provide goods reasonably expected; (d) for short-term use where there is no disclosure or profiling; and (e) to resist malicious, fraudulent, or illegal actions or to ensure physical safety.

Do we offer financial incentives for your data?

No, we do not currently offer any financial incentives for your data.

Do we respond to DNT Signals or GPC?

No, our the Website and Services does not currently respond to DNT, short for Do Not Track, requests. DNT is a feature that, when enabled, sends a signal to websites to request that your browsing not be tracked.

"GPC" is short for Global Privacy Control settings in your browser or extension. We recognize GPC signals. This means that if your browser has GPC enabled, our website will automatically recognize your GPC signal and opt you out of the sale of your personal information, if any. For more information about GPC, please click here:   https://globalprivacycontrol.org/ .

How do we update this Privacy Policy?

We will update this Privacy Policy when our privacy practices change or as otherwise required or permitted by law. Each time you use the Website and Services, the current version of this Privacy Policy will apply. Unless we receive your express consent, any revised Privacy Policy will apply only to information collected after the effective date of the revised Privacy Policy.

How can you contact us?

Please contact us with any questions or concerns! We can be reached at:

Cadalys, Inc.

50 California Street Ste 1500

San Francisco, CA 94105

USA

Phone number 866-570-7560

support@cadalys.com

Contact Form

 

Last Updated: October 16, 2023