Effective Date: January 9, 2020

 

INTRODUCTION

This Privacy Policy describes how AspenCore, our parent, its subsidiaries and/or affiliates (collectively, “we”, “us” or “our”) collect, use, and share information about you and applies to your use of any websites or mobile apps  that post a link to this Privacy Policy (the “Websites”), through our social media pages (our “Social Media Pages”) as well as through email messages that we may send to you that link to this Privacy Policy (collectively, including the Websites and our Social Media Pages, the “Services“). This Privacy Policy does not apply to our data collection activities offline or otherwise outside of our Services (unless otherwise stated below or at the time of collection).

By using our Services, you agree to our Terms of Use. By consenting to this Privacy Policy, you consent to our collection, use and disclosure practices, and other activities as described in this Privacy Policy. If you do not agree and consent, please discontinue use of the Services, and uninstall Services downloads and applications.

 

  1. COLLECTION OF INFORMATION

  1. Information You Provide To Us

We may collect information you provide directly to us via the Services. For example, we collect information when you use or register for our Services, subscribe to our magazines or newsletters, create a resume, post on our Services, follow other users, participate in promotional activities, enter a sweepstakes or contest, complete a survey, or communicate with us through the Services.

Information we collect may include Personal Information: “Personal Information” is information, whether true or not, that can be used to identify you (whether alone or in combination), which may include your name, e-mail address, postal address (including billing and shipping address), geolocation information, telephone number, and fax number. You may choose to voluntarily submit certain other information to us through the Services, including Personal Information, but you are solely responsible for your own Personal Information in instances where we have not collected such information or requested that you submit such information to us.

De-Identified Data or Personal Information once “de-identified” may not be subject to this Privacy Policy and we and our Service Providers (defined below) may treat it as non-Personal Information and use it without obligation to you except as prohibited by applicable law.

 

  1. Information We Collect Automatically From Your Use of Our Services

We and our agents, vendors, consultants, marketing services providers, and other service providers (collectively, “Service Providers”) may collect certain information about you when you access or use our Services (“Usage Information”). Certain information is collected automatically through your device, such as your: IP address; device identifier, Ad ID, browser type; operating system characteristics; information about your use of our Services; and data regarding network connected hardware (e.g., computer or mobile device) (“Usage Information”). To the extent that Usage Information is Personal Information under applicable law or is combined with Personal Information, we will treat the combined information as Personal Information under this Privacy Policy.

The methods that we and our Service Providers may use to collect Usage Information include:

  1. Log Information: We collect information about your use of our Services, such as IP address, browser type and version, internet service provider, referring/exit pages, operating system, cookies that may uniquely identify your browser or your account, and related data, and store it in log files.
  1. Information Collected by Cookies and Other Tracking Technologies: We and our partners may use cookies, web beacons, embedded scripts, location-identifying technologies, third party flash cookies, or other tracking technologies now and hereafter developed (“Tracking Technologies”) to collect and store information about interactions with our Services or e-mails, including information about your browsing and purchasing behavior. Further information about how we use cookies and tracking technologies, and how you can refuse them, is set out in Section 12

We are giving you notice of the Tracking Technologies and your choices regarding them explained in Section 12 so that your consent to encountering them is meaningfully informed.

  1. Information from Other Sources

We may also obtain your Personal Information from other sources, such as public databases, joint marketing partners and social media platforms, and combine that with information we collect about you. To the extent we combine such third-party sourced information with Personal Information we collect directly from you on the Services, we will treat the combined information as Personal Information under this Privacy Policy. We are not responsible for the accuracy of the information provided by third parties or third-party practices, although we will take reasonable measures to ensure that such information is accurate.

 

  1. USE OF INFORMATION

We and our Service Providers may use information about you for any purposes not inconsistent with our statements under this Privacy Policy or prohibited by applicable law, including to:

  1. Provide, maintain, protect and improve our Services, develop new Services, and protect AspenCore and our users;
  2. Facilitate, manage, personalize and improve your online experience;
  3. Transact with you, respond to your comments and questions, provide customer service, send you informational notices, and fulfill your requests, such as to send you newsletters, brochures, catalogs and e-mails;
  4. Prevent and address fraud, breach of policies or terms and threats or harm, and for our business purposes, such as data analysis, audits, enhancing, improving, or modifying our Services, identifying usage trends, and operating and expanding our business activities; and
  5. Send you newsletters and advertisements and communicate with you about products, services, offers, promotions, rewards, and events we think may be of interest to you.

Marketing Purposes

If you are a user from the United States (U.S.), we may use your Personal Information for direct marketing purposes. If you are a user from outside the U.S., we will not use your Personal Information for direct marketing purposes unless we have received your express consent. As a Non-U.S. user, you have the right to opt-out from direct marketing and can require us to cease to use the data at any time for direct marketing purpose at no cost.

Please see Section 12 for more information about how to manage our communications with you.

 

  1. SHARING OF INFORMATION

 Please note that by using our Services, you agree to share your Personal Information and Usage Information, as described in this section.

  1. With Service Providers

Our Service Providers may receive, or be given access to your information, including Personal Information and Usage Information, in connection with their work on our behalf. These Service Providers may be located in countries other than your country of residence. These Service Providers are prohibited from using your Personal Information for any purpose other than to provide this assistance, although we may permit them to use aggregate information which does not identify you or de-identified data for other purposes. We may also share information about you with our Service Providers as necessary, for the following purposes:

  1. To comply with the law, law enforcement or other legal process, and to respond to requests from public and government authorities, including public and government authorities outside your country of residence to meet national security or law enforcement requirements;
  2. To enforce our terms and conditions;
  3. To protect our operations and protect our rights, privacy, safety or property, and/or that of you or others;
  4. To allow us to pursue available remedies or limit the damages that we may sustain;
  5. With our affiliates for internal business purposes (for example, processing your orders, fulfilling your requests, providing customer service, and improving the Services);
  6. With our subsidiaries, affiliates, business partners, and other third parties for their own business purposes (for example, improving their products and services); and
  7. To a third party in connection with or during negotiations of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).

Aggregated Information

Without limiting the foregoing, in our sole discretion, we may share aggregated information which does not identify you or de-identified information about you with third parties or affiliates for any purpose.

  1. With Third Parties for Direct Marketing Purposes

We may share your Personal Information with third parties for direct marketing purposes as set forth in Section 2. California residents have further rights, as set out in Section 13.

Direct marketing purposes may include, but are not limited to, the following:

  1. Sharing your Personal Information with third parties, including when you click on advertisements or articles on our Services or in emails we send to you;
  2. Rental of email lists to third parties for marketing use;
  3. Marketing emails sent by third parties; and
  4. Emails sent by us sponsored by third parties.

 

  1. SWEEPSTAKES, CONTESTS, AND PROMOTIONS

We may offer sweepstakes, contests, and other promotions (each, a “Promotion”) jointly sponsored or offered by third parties that may require submitting Personal Information. If you voluntarily choose to enter a Promotion, your Personal Information may be disclosed to third parties for administrative purposes, marketing purposes, and as required by law (e.g., on a winners list). By entering, you are agreeing to the official rules that govern that Promotion (see Terms of Use for rules governing giveaway Promotions), and may, except where prohibited by applicable law, allow the Promotion sponsor and/or other parties to use your name, voice and/or likeness in advertising or marketing materials.

 

  1. INFORMATION YOU DISCLOSE PUBLICLY OR TO OTHERS

The Services may permit you to post or submit written content, user profiles, resumes, audio or visual recordings, computer graphics, pictures, data, or other content, including Personal Information (collectively, “User Content”). If you choose to submit User Content to any public area of our Services, your User Content will be considered “public” and will be accessible by anyone, including us, not subject to this Privacy Policy and may be used to the fullest extent permitted by applicable law. We encourage you to exercise caution when making decisions about what you disclose in such public areas. California minors should see Section 13 regarding potential removal of certain posted content.

Additionally, the Services may offer you the option to send a communication to a friend. If so, we rely on you to only send to people that have given you permission to do so. By sending a communication to a friend, you represent that you have permission to provide your friend’s e-mail address. The friend’s information you provide (e.g., name, e-mail address) will be used to send the communication and not used by us for any other marketing purpose unless we obtain consent from that person. Your contact information and message may be included in the communication.

 

  1. THIRD PARTY SERVICES AND SOCIAL FEATURES

Our Services includes hyperlinks to websites, locations, platforms, or services operated by third parties (“Third Party Services”). These Third Party Services may use their own cookies, web beacons and other Tracking Technology to independently collect information about you and may solicit Personal Information from you.

Certain functionalities on the Services permit interactions that you initiate between the Services and certain Third Party Services, such as third party social networks (“Social Features”). Examples of Social Features include “liking” or “sharing” our content and otherwise connecting our Services to a Third Party Service. If you use Social Features, and potentially other Third Party Services, information you post or provide access to may be publicly displayed on our Services or by the Third Party Services that you use. Similarly, if you post information on a Third Party Service that references our Services (e.g., by using a hashtag associated with us in a tweet or status update), your post may be used on or in connection with our Services. Also, both we and the third party may have access to certain information about you and your use of our Services and the Third Party Services. To the extent we combine information from Third Party Services with Personal Information we collect directly from you on the Services, we will treat the combined information as Personal Information under this Privacy Policy.

Third Party Responsibility

The information collected and stored by third parties remains subject to their privacy practices, including whether they continue to share information with us, the types of information shared, and your choices on what is visible to others on Third Party Services. We are not responsible for the collection, usage, and disclosure policies and practices (including the data security practices) of any other organization, including any Personal Information you disclose to other organizations through or in connection with our Social Media Pages. We are not responsible for and make no representations regarding the policies or business practices of any third parties or Third Party Services and encourage you to familiarize yourself with and consult their privacy policies and terms of use.

 

  1. ADVERTISING, ANALYTICS SERVICES, AND ONLINE TRACKING

We may engage and work with third parties to serve advertisements on our behalf on the Services and/or on Third Party Services and to provide analytics services about the use of our Services and the performance of our ads and content on Third Party Services. In addition, we may participate in online advertising networks and exchanges that display relevant advertisements to our Services visitors, on our Services and on Third Party Services and off of our Services, based on their interests as reflected in their browsing of the Services and certain Third Party Services. These entities may use cookies and other Tracking Technologies to automatically collect information about you and your activities, such as registering a unique identifier for your device and tying that to your online activities on and off of our Services. We may use this information to analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on the Services and Third Party Services and better understand your online activity.

Online Behavioral Advertising

Some information about your browsing of the Services and certain Third Party Services may be collected across time and services and shared with third parties to deliver ads and/or other content to you on the Services and certain Third Party Services. We may receive information about Third Party Services that you have visited and use it for marketing purposes—a practice sometimes termed “(re)-targeting,” “interest-based advertising,” and “online behavioral advertising.”

Do Not Track

We are not responsible for third parties or Third Party Services associated with advertising and analytics services, and related tracking activities. Please consult their privacy policies and notices for information on their practices and see Section 12regarding certain choices some of them may offer you. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note there is no consensus among industry participants as to what “Do Not Track” means in this context. Like many online services, we currently do not alter our practices when we receive a “Do Not Track” signal from a visitor’s browser. To find out more about “Do Not Track,” visit http://www.allaboutdnt.com.

 

  1. DATA SECURITY

We take reasonable technical and organizational security measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. In addition, we will not keep your Personal Information for longer than necessary for the purposes set out in this policy. Unfortunately, no data transmission or storage system is completely secure, and we cannot guarantee the security of your information collected through our Services.

Your Personal Information is stored on servers maintained with the assistance of a third party data storage provider. To help protect the privacy of data and personal information we collect and hold, our data storage provider maintains physical, technical, and administrative safeguards which are monitored, tested, and updated on an ongoing basis.

When we engage third-party service providers and when disclosure of Personal Information to such providers is necessary for the provision of such Services, we ensure that such providers protect Personal Information in a manner consistent with this Privacy Policy and, where applicable, are responsible for ensuring that such third parties process European Union (EU) Personal Information in a manner consistent with the Privacy Shield Principles discussed below and/or the General Data Protection Regulation or other applicable legislation.

 

  1. INTERNATIONAL TRANSFER

We are based in the U.S. and the information we collect from the U.S. is governed by U.S. law. If you are accessing the Services from outside of the U.S., please be aware that information collected through the Services may be transferred to, processed, stored and used in the U.S. Your Personal Information may also be transferred to, processed, stored and used in other jurisdictions in which we have subsidiaries and affiliates or Service Providers. Data protection laws in these jurisdictions may be different from those of your country of residence. Your use of the Services or provision of any information therefore constitutes your consent to the transfer to and from, processing, usage, sharing and storage of your information, including Personal Information, in these jurisdictions, as set forth in this Privacy Policy.

We comply with the Privacy Shield Framework, as set forth by the U.S. Department of Commerce in consultation with the European Commission, regarding the collection, use and retention of Personal Information received from the European Union. As we are a U.S. company, we have voluntarily decided to comply with the EU – U.S. Privacy Shield Framework and we are subject to the investigatory and enforcement powers of the Federal Trade Commission. We annually certify our adherence to the Privacy Shield Principles of notice; choice; accountability for onward transfer; security; data integrity and purpose limitation; access; and recourse, enforcement and liability. To learn more about the EU – U.S. Privacy Shield Framework, please visit https://www.privacyshield.gov/EU-US-Framework. To view Arrow’s certification, please visit https://www.privacyshield.gov/list. In the event Privacy Shield is invalidated, information of EU residents will only be transferred in accordance with an approved transfer mechanism, including the model contract clauses.

 

  1. CHILDREN’S PRIVACY

Our Services are not intended for children and are not targeted to children under the age of thirteen (13). If you are a child under the age of thirteen (13), you are not permitted to use the Services and should not send any information about yourself to us through the Services.

We do not knowingly collect any personal information from children under the age of 13 and, if we learn that we have received information from a user under the age of 13, we will delete this information in accordance with the Children’s Online Privacy Protection Act (“COPPA”). If you are a parent or guardian and you believe that your child under the age of thirteen (13) has provided us with personal information without COPPA-required consent, please contact us at privacy@aspencore.com.

If you are a user in South Korea and you are aged under fourteen (14), you are not permitted to use the Services without the consent of your parent or legal guardian. You should not send any information about yourself to us through the Services unless your parent or legal guardian has given his or her consent. We do not knowingly collect any Personal Information from children in South Korea under the age of 14 without consent from a parent or legal guardian and, if we learn that we have received information from a user in South Korea under the age of 14 without requisite consent, we will delete this information. If you are a parent or legal guardian in South Korea and you believe that your child under the age of fourteen (14) has provided us with Personal Information without your consent, please contact us at privacy@aspencore.com.

California minors see Section 13.

 

  1. ACCESSING AND CHANGING INFORMATION

We will provide web pages or other mechanisms allowing you to correct or update some of the Personal Information you have provided us.

Access Rights

Users from the EU, Singapore, Hong Kong, Japan, New Zealand, Mexico, and Australia have a right to access their Personal Information, request corrections and/or deletions, and oppose the use of their Personal Information for specific purposes, subject to exceptions allowed by law. Such users are also entitled to request information on the origin of their Personal Information, the recipients or types of recipients to whom their Personal Information is provided, the reason for which their Personal Information is being stored, and the ways in which their Personal Information has been or may have been used or disclosed by us within a year before the date of the request. If you would like to do so, please send your request in writing by sending an email to privacy@aspencore.com or by sending a letter to AspenCore, 245 Main Street, 2nd Floor, Cambridge, MA 02142  USA. To protect your privacy and the privacy of others, we will need evidence of your identity before we can grant you access to information about you or change it, including your username and password, if applicable. You will not be charged for compliance with such a request.

Changes and Deletions

We will make good faith efforts to make requested changes in our then-active databases as soon as practicable (but may retain prior information for records to the extent not prohibited by applicable law). Please note that it is not always possible to completely remove or delete all of your information or public postings from our databases (California minors see Section 13) and that residual data may remain on backup media or for other reasons. We also may retain cached or archived copies of information about you for a certain period of time.

 

  1. CHOICES: TRACKING AND COMMUNICATIONS OPTIONS

  1. Tracking Technologies Generally – Cookie Policy

Our Services use cookies to distinguish you from other users of our Services. This helps us to provide you with a good experience when you use our Services and also allows us to improve our Services. By continuing to use our Services, you are agreeing to our use of cookies and this cookie policy.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.

Regular cookies may generally be disabled or removed by tools available as part of most commercial browsers, and in some instances blocked in the future by selecting certain settings. Browsers offer different functionalities and options so you may need to set them separately. Please be aware that if you disable or remove cookies some parts of our Services may not work and that when you revisit our Services your ability to limit browser-based Tracking Technologies is subject to your browser settings and limitations.

Cookies and tracking devices used by AspenCore, as categorized by function:

  • Strictly necessary cookies – These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into areas of our website.
  • Analytical/performance cookies – Allow us to recognize and count the number of visitors and to see how visitors move on our website. This helps improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality cookies – These are used to recognize you when you return to our website. This enables us to personalize our content for you, greet you by name and remember your preferences.
  • Targeting cookies – These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

Cookies can also be categorized by how long they remain on your device. There are two broad categories of duration:

  • Persistent cookies – Persistent cookies remain on your device until deleted manually or automatically.
  • Session cookies – Session cookies remain on your device until you close your browser when they are automatically deleted.

We use both persistent and session cookies. Our persistent cookies last no longer than one (1) year.

Information collected by our cookies:

Cookies on our website collect several types of information, including information about your usage of our website and we may collect your IP address as a logged file. An IP address is the number assigned to your device, for example your laptop or mobile phone, when your device accesses the internet.

To the extent that IP addresses are personal data under applicable data protection law, we treat it as Personal Information.  If we link information collected through cookies with any personal data you provide to us through the website, e.g., through submitting a form, we also treat that information as Personal Information.  For information on how we handle personal data collected through the site, please see above.

How to manage cookies in your browser:

Most modern browsers will allow you to:

  • See what cookies you’ve got and delete them on an individual basis;
  • Block third party cookies;
  • Block cookies from sites;
  • Block all cookies from being set; and
  • Delete all cookies when you close your browser.

You should be aware that any preferences will be lost if you delete cookies. This includes where you have opted out from cookies, as this requires an opt-out cookie to be set. Also, if you block cookies completely many websites will not work properly and some functionality on these websites will not work at all. We do not recommend turning cookies off when using our website and Services for these reasons.

If you are primarily concerned about third-party cookies generated by advertisers, you can turn these off separately.

With respect to our mobile applications, you can stop all collection of information by uninstalling the app. Also, you may be able to exercise specific privacy choices, such as enabling or disabling location identifying services, by adjusting the permissions in your mobile device.

Third-party cookies and tracking devices:

When you are using our Services, you may notice that there is content from other websites which we add from time to time to improve the user experience. As a result, you may be sent cookies from these other websites. We do not control these cookies and we suggest you check these third-party websites for more information about the cookies they use and how you can manage them.

Managing advertising cookies:

Please note that if you want to opt out from targeted advertising cookies, this does not mean that you will receive less advertising when you use our services. This just means that the advertising you see will not be as relevant or customized to you.

However, if you still want to opt out of these third party advertising cookies, you can do this by visiting the Interactive Advertising Bureau’s website www.youronlinechoices.com which lists all ad serving cookies that are currently set on your device and tells you how to opt-out from each of them. Please note that this website lists many more networks than those used by us.

Please remember that if you choose to opt out of targeted advertising from a specific company or via www.youronlinechoices.com, it only applies to the web browser on the device you are using. You will therefore need to follow the same process on every device you use or different web browser that you use to exercise the same choice.

Further information about cookies:

If you wish to learn more about cookies in general and how to manage them, visit www.allaboutcookies.org.

Cookie Policy Updates:

If we change this Cookie Policy, we will post those changes on this page and update the modification date above. If we materially change this Cookie Policy, we will notify you by prominently posting a notice of such changes before making them and by stating the effective date of the changes.

  1. Analytics and Interest-Based Advertising

Certain companies may participate in the Digital Advertising Alliance (“DAA”) AdChoices Program and may display an Advertising Option Icon for interest-based ads that links to an opt-out tool which allows you to exercise certain choices regarding targeting. You can learn more about the DAA AdChoices Program at http://www.youradchoices.com and its opt-out program for mobile applications at http://www.aboutads.info/appchoices. In addition, certain advertising networks and exchanges may participate in the Network Advertising Initiative (“NAI”). NAI has developed a tool that allows consumers to opt-out of certain targeted advertising delivered by NAI members’ ad networks. To learn more about opting out of targeted advertising or to use the NAI tool, visit http://www.networkadvertising.org/choices/. Please be aware that, even if you are able to opt-out of certain kinds of targeted advertising, you will continue to receive non-targeted ads. We are not responsible for effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs. However, we support the ad industry’s 2009 Self-regulatory Principles for Online Behavioral Advertising (http://www.iab.net/media/file/ven-principles-07-01-09.pdf) and expect that ad networks we directly engage to serve you interest-based ads will do so as well, though we cannot guarantee their compliance.

  1. Communications

You can opt-out of receiving promotional communications (e-mails or text messages) from us at any time by (i) for promotional e-mails, following the instructions as provided in e-mails to click on the unsubscribe link or changing your communication preferences by logging onto your account; and (ii) for text messages, following the instructions as provided in text messages from us to text the word, “STOP”. Please note that your opt-out is limited to the e-mail address or phone number used and will not affect subsequent subscriptions. If you opt-out of only certain communications, other subscriptions may continue. Even if you opt-out of receiving promotional communications, we may, subject to applicable law, continue to send you non-promotional communications, such as those about your account, transactions, servicing, or our ongoing business relations.

Our mobile applications may send you notifications that may include alerts, sounds, and icon badges. These push notifications or in-app messages may include both operational messages and promotional messages regarding products, services and offers that may be of interest to you. These can be configured in Settings. As with e-mails, even if you opt-out of receiving promotional communications, we may continue to send you non-promotional push notifications, such as those about your use of the applications or our ongoing business relations.

 

  1. YOUR CALIFORNIA PRIVACY RIGHTS

Scope

This Section 13 only applies to the Personal Information of residents of the U.S. state of California in their capacity as consumers (“California consumers”).

“California consumer” does not include individuals in their capacity as human resources, e.g., AspenCore’s employees, job applicants, directors, and contract workers (collectively, “HR individuals”), or individuals in their capacity as emergency contacts, dependents, or beneficiaries of HR individuals.  “Consumer” also does not include individuals in their capacity as employees or other agents of a business engaged in a transaction with us.

This Section 13 applies to all Personal Information of California consumers collected, disclosed for business purposes, or sold by AspenCore both online and offline.

 

  1. How We Collect the Personal Information of California Consumers
  2.  

    Categories of Personal Information Collected in The Last 12 Months Sources of That Personal Information Business Purposes and Commercial Purposes for Collecting That Personal Information
    Identifiers, including: real name, postal address, telephone and fax number(s), Internet Protocol address, email address, and AspenCore account number.

    ·  Provided by the California consumer.

    ·  Automated technologies in the website, including cookies, web beacons, and log files when a consumer visits the Websites.

    ·  Public databases.

    ·  Joint marketing partners.

    ·  Social media platforms.

    ·  Consumer data resellers.

     

    ·  Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, and providing customer support.

    ·  Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, counting impressions to unique visitors, verifying positioning and quality of impressions, and auditing compliance with the law.

    ·  For safety and security, detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.

    ·  Debugging to identify and repair errors that impair existing intended functionality.

    ·  Undertaking activities to verify or maintain the quality or safety of, or to improve, upgrade, or enhance, a service or device that is owned, manufactured, manufactured for, or controlled by AspenCore.

    ·  Product and service training, for example, by providing training and information on using, servicing, selling, and displaying AspenCore’s products and services.

    ·  Marketing and advertising.

    ·  Communications about transactional services and promotions, for example, by communicating about special events, sweepstakes, promotions and surveys.

    ·  Facilitating communications, for example, by collecting and organizing contact information, establishing means of communications, and communicating with current and prospective customers, including regarding questions and feedback.

    Internet or other electronic network activity information, including: device identifier, browser information, operating system characteristics, Internet service provider, referring/exit pages, information regarding interaction with an internet website, application, or advertisement, cookies, web beacons, log files, and other online behaviors.
    Commercial information, including: interest in, inquiries into, and purchases of products and services.
    AspenCore product and service usage information, including: AspenCore products and services purchased; purchase, service and installation dates for AspenCore products and service; complaints; warranty information; product registration data; and feedback on products or services. Provided by the California consumer
    Financial information, including: credit card number; debit card number; bank information and credit references Provided by the California consumer

    ·  Services (processing or fulfilling orders or transactions, verifying customer information, processing payments)

    ·  Order fulfillment

    ·  For safety and security, detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.

     

     

  3. How We Share the Personal Information of California consumers
  4.  

    Categories of Personal Information Collected in The Last 12 Months Categories of Third Parties with Which AspenCore Shared That Personal Information
     

    For all categories of Personal Information:

    ·   AspenCore discloses Personal Information to government agencies, law enforcement, and other parties as required by law and as necessary to protect the rights, property, or safety of AspenCore, its subsidiaries or affiliates, employees, customers, and users.

    ·   AspenCore also discloses Personal Information to vendors and Service Providers, as necessary for the business and commercial purposes listed above.

    ·   AspenCore discloses Personal Information to a third party in connection with or during negotiations of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).

    Identifiers

    ·   Suppliers as necessary to facilitate orders or to cross-market products.

    ·   Subsidiaries, parents, and other affiliated companies.

    Internet or other electronic network activity information Subsidiaries, parents, and other affiliated companies.
    Commercial information

    ·   Suppliers as necessary to facilitate orders or to cross-market products.

    ·   Subsidiaries, parents, and other affiliated companies.

    Product and service usage information Subsidiaries, parents, and other affiliated companies.

     

    Disclosure of Personal Information for a Business Purpose or a Commercial Purpose:
    AspenCore discloses all the categories of Personal Information in the table above for a business purpose or a commercial purpose.

    Sale of Personal Information:
    In the last 12 months, AspenCore has disclosed the following categories of Personal Information about California Consumers to the following categories of third parties:

    Category of Personal Information Category of Third Party
    Name, email address, postal address, job function

    ·   third-party business partners and sponsors

    ·   webinar sponsors

    ·   tech paper sponsors

     

    AspenCore presently does not and shall not sell the Personal Information of California Consumers who have opted out of the sale of their Personal Information. AspenCore does not sell the Personal Information of minors under 16 years of age.

     

  5. Your California Privacy Rights and How to Exercise Them
    1. Your California Privacy Rights:
      • Right to Know: California consumers have the right to submit a verifiable request to know what Personal Information we collect, use, disclose, and sell.
      • Right to Delete: California consumers have the right to submit a verifiable request for deletion of their Personal Information that we have collected or maintain.
      • Right to Opt Out of Sale: California consumers have the right to opt out of the sale of their Personal Information. California consumers under the age of 16 must opt in to the sale of their Personal Information, or their parent or guardian must opt in on their behalf.

    2. How to Exercise Your Rights:

    3. We will respond to requests in accordance with applicable law if we can verify the identity of the individual submitting the request. California consumers can exercise their rights to know and to delete in the following ways:

      • Complete the online request form available here
      • Via telephone at: 1-855-326-4757
      • Via email at: privacy@aspencore.com

    4. How We Will Verify Your Request:
    5. The processes that we follow to verify your identity when you make a request to know or a request to delete are described below.  The relevant process depends on how and why the request is submitted and requests through a password protected account may not be available in all circumstances.

      1. Requests Through Your Password-Protected Account:
      2. If you created a password-protected account with us before the date of your request, we will rely on the fact that your request has been submitted through your account as verification of your identity. We will require that you re-authenticate yourself before we disclose your Personal Information in response to a request to know and before we delete your Personal Information in response to a request to delete.

        You are responsible for protecting the security of your log-in credentials for your account.  Please do not share your log-in credentials with anyone.  If we suspect fraudulent or malicious activity on or from your account, we will not respond to a request to know or a request to delete until we have been able to confirm, through further verification procedures, that you made the request.

      3. Requests Other Than Through A Password-Protected Account:
      4. If you submit a request by any means other than through a password-protected account that you created before the date of your request, the verification process that we follow will depend on the nature of your request as described below:

        1. Requests To Know Categories of Personal Information: If you request to know categories of Personal Information collected, sources, sales, or AspenCore’s business or commercial purposes for use of your Personal Information, we will match at least two or more data points that you provide with your request to know, or in response to our request for verification information, against information about you we already have in our records and that we have determined to be reliable for purposes of verifying your identity.  Examples of relevant data points may include your name and email address, your zip code or information about products or services that you have purchased from us.
        2. Requests for Copies or Requests to Delete Personal Information: Our process for verifying your identity will depend on the sensitivity (as determined by us) of the Personal Information that you ask us to delete or to provide copies of specific pieces of Personal Information.  For less sensitive Personal Information, we will require a match of two data points as described in Point No. 1, above.  For more sensitive Personal Information, we will require a match of three data points and a signed declaration.

        We have implemented the following additional procedures when verifying the identity of requestors:

        1. If we cannot verify your identity based on the processes described above, we may ask you for additional verification information.If we do so, we will permanently delete the verification information that you provide promptly after we have completed the verification process.  We will not use that information for any purpose other than verification.
        2. If we cannot verify your identity to a sufficient level of certainty to respond to your request, we will let you know promptly and explain why we cannot verify your identity.

     

  6. Authorized Agents
  7. You may designate an authorized agent to exercise your right to know or your right to delete by submitting to us a completed “Authorized Agent Designation” form.  You can obtain the designation form by contacting us at privacy@aspencore.com.

    If an authorized agent submits a request to know or a request to delete on your behalf, the authorized agent must submit with the request either (a) a power of attorney that is valid under California law, or (b) a document signed by you that authorizes the authorized agent to submit the request on your behalf.  In addition, we may ask you to follow the applicable process described above for verifying your identity.

     

  8. AspenCore’s Non-Discrimination Policy
  9. California consumers have the right not to be subject to discriminatory treatment by AspenCore for exercising their privacy rights under the California Consumer Privacy Act, and we will not discriminate on that basis. However, we may charge a California consumer a different price or rate or provide a different level or quality of goods or services if the difference is reasonably related to the value provided to the California consumer by the consumer’s Personal Information.  If we do so, we will provide consumers with any legally required notice.

     

  10. Use of The Websites by Minors
  11. Any California residents under the age of eighteen (18) who have registered to use the Services, and who have posted content or information on the Services, can request removal by contacting us at privacy@aspencore.comor by sending a letter to AspenCore, 245 Main Street, 2nd Floor, Cambridge, MA 02142, with information detailing where the content or information is posted. We will make reasonable, good faith efforts to remove the post from prospective public view or anonymize it so the minor cannot be individually identified. This removal process cannot ensure complete or comprehensive removal. For instance, third parties may have republished or archived content by search engines and others that we do not control.

     

  12. Right to Information About Disclosures of Personal Information for Direct Marketing Purposes
  13. California’s “Shine the Light” law permits customers in California to request certain details about how certain types of their information are shared with third parties and, in some cases, affiliates, for those third parties’ and affiliates’ own direct marketing purposes. For our U.S. users, we may from time to time elect to share certain information about you collected by us on the Service with third parties or affiliates for those third parties’ or affiliates’ own direct marketing purposes. If you are a California resident, you may opt-out of such future sharing by contacting us at privacy@aspencore.com or by sending a letter to AspenCore, 245 Main Street, 2nd Floor, Cambridge, MA 02142. Requests must include “California Shine the Light Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this e-mail address or mail address.

     

    1. PRIVACY RIGHTS IN NON-U.S. JURISDICTIONS

    Obligation to Provide Personal Information

    EU persons must, on occasion provide Personal Information to us as necessary to enter into a contract or as required to fulfil contractual obligations, including providing our products and Services, taking payment for products and Services we provide, and billing, shipping, and delivery of our products and Services. You are free to withhold your Personal Information but without this data it will not be possible to execute the contract or provide you with our products and Services.

    When you make a purchase on or of the Services, you must provide Personal Information to us so that we can meet our legal obligations in accordance with applicable tax and statutory provisions. You are free to withhold your Personal Information, but without this data, it will not be possible to provide you with our products and Services.

    Automated Decision-Making

    We sometimes use EU persons’ Personal Information submitted through the Services for automated decision-making. For example, we may display advertisements and send emails to you containing content automatically chosen based on the products or Services we have provided to you in the past. However, we will not use EU persons’ Personal Information submitted through the Services for automated decision-making, including profiling, that produces legal effects or similarly significantly affects EU persons.

    Legal Basis for Processing

    We process your Personal Information with your consent and as required by law. In addition, we process your Personal Information as necessary for the performance of the sales contract, for example, when processing your orders and payments and to take steps, at your request, before entering into a contract with you, for example, by providing you with quotes for products and services. We also process Personal Information as necessary for our legitimate interests as follows:

    • Research and Development: To research use of our products and services, and to improve and develop new products and services;
    • Marketing and advertising: To the extent permitted by applicable law, we use your Personal Information regarding products and services you have ordered, or in which you have otherwise demonstrated an interest, as necessary to analyze your interests and to provide you information about the products and services that we think might interest you; and
    • Security: We use Personal Information for purposes of facility, network, and information security, fraud prevention, and reporting suspected criminal acts. For example, in the event of fraud, a security incident, or a suspected criminal act, we would examine Personal Information that appeared to be linked to the incident as necessary to determine what happened, remediate, report to the authorities, and prevent a recurrence.

    Accuracy and Access to Personal Information

    EU persons may request access to their Personal Information under this policy to the full extent required by applicable law in the home country of the person making the request. Such persons may request the correction, amendment, or deletion their Personal Information that is inaccurate or has been processed in violation of the Privacy Shield Principles. We will reasonably fulfill such requests to the extent required by applicable law.

    Users from outside the U.S. have the right to ask us not to process their Personal Information for marketing purposes. We will inform you (before collecting your information) if we intend to use your information for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your information.

    You can exercise these rights at any time by contacting us at privacy@aspencore.com or by sending a letter to AspenCore, 245 Main Street, 2nd Floor, Cambridge, MA 02142 USA.

    Right to Object to Processing for Direct Marketing or Legitimate Interests

    EU persons have the right to object to the processing of their Personal Information for purposes of AspenCore’s direct marketing or legitimate interests. You can exercise your right to prevent such processing by unsubscribing from the emails you receive from us and any third parties. You can also exercise the right at any time by contacting us at privacy@aspencore.com or by sending a letter to AspenCore, 245 Main Street, 2nd Floor, Cambridge, MA 02142 USA.

    Revocation of Consent

    Users from outside the U.S. also have the right to revoke their given consent regarding the use and sharing of their Personal Information. However, it is important to note that in some cases such request may not be immediately or fully executed because it is possible that we have a legal obligation to keep using your Personal Information. Also, you must consider that for certain purposes, the revocation of consent means that we cannot continue providing the Services you requested. You can revoke your consent at any time by contacting us at privacy@aspencore.com or by sending a letter to AspenCore, 245 Main Street, 2nd Floor, Cambridge, MA 02142 USA.

    Accountability and Inquiries

    Any EU person who is not satisfied with our compliance with the EU – U.S. Privacy Shield may contact us to resolve such complaints at privacy@aspencore.com or by sending a letter to AspenCore, 245 Main Street, 2nd Floor, Cambridge, MA 02142 USA. If any EU person believes that such a complaint has not been resolved, he or she agrees first to try and settle the dispute by mediation, administered by the International Centre for Dispute Resolution under its Mediation Rules, before resorting to arbitration, litigation, or some other dispute resolution procedure. The rules governing these procedures and information regarding how to file a claim free of charge can be found here: http://info.adr.org/safeharbor/.

    Any EU person who remains dissatisfied may contact his or her national Data Protection Authority in the country where the person resides. We have agreed to cooperate and comply with appropriate EU Data Protection Authorities and the Department of Commerce in resolving such disputes. If an EU person remains dissatisfied and meets the pre-arbitration requirements of Annex I Part C of the EU – U.S. Privacy Shield Framework, the person may invoke binding arbitration pursuant to procedures in Annex I of the EU – U.S. Privacy Shield Framework Principles found here: https://www.privacyshield.gov/EU-US-Framework.

     

    1. CHANGES TO THIS PRIVACY POLICY

    We reserve the right to revise and reissue this Privacy Policy at any time. Any changes will be effective immediately upon posting of the revised Privacy Policy. Subject to applicable law, your continued use of our Services indicates your consent to the privacy policy posted. If the changes are material, we may provide you additional notice, to your e-mail address.

     

    1. CONTACT US

    For any requests relating to your Personal Information, or if you have any questions about this Privacy Policy posted at www.aspencore.com, please contact us at:

    AspenCore
    245 Main Street, 2nd Floor
    Cambridge, MA 02142 USA
    privacy@aspencore.com

     

    9201 East Dry Creek Road
    Centennial, CO 80112
    (Attention: Legal Counsel)

     

    European users can contact us at:
    Frankfurter Straße 211
    63263 Neu-Isenburg
    Germany
    (Attention: Legal Counsel)