Last Updated: October 19, 2023
COLLECTION AND USE OF Personal INFORMATION
ComplianceMetrix collects personal information when you provide it to us, which may include the following:
- Contact information, such as first and last name, email address, phone number, and mailing address.
- Professional information, such as company name, job title, company location, and other details we may collect about your business or profession.
- Account information, such as your log-in details, information that you store in your account, information you provide during registration or agreement submission, and other details about your use of the Service.
- Payment information, such as bank account number, credit or debit card number, or financial account details used for payments. All payment processing services connected with your use of the Service is provided to you by third-party payment processors.
- Order history, such as records of products and services you have purchased from us.
- Preferences, such as any preferences you set in your account and any marketing or communications preferences.
- Survey responses, such as the information you provide in response to our surveys or questionnaires.
- Communications, such as the information associated with your requests or inquiries, including for support, assistance, or order information, and any feedback you provide when you communicate with us. We and our service provider may also record or monitor any call or chat you have with us for quality control or training purposes, or to enforce our rights.
Customers and other users of the Service may have the opportunity to refer contacts to us and share their contact information with us. Please do not refer someone to us or share their contact information with us unless you have their permission to do so.
We may also obtain personal information about you from third parties, such as social media platforms and other public sources, third parties that help us advertise our products and services and find new customers, joint marketing partners, event co-sponsors, and other third parties. If you connect your CMX1 account to a third-party platform using one of our integrations, we may also receive your personal information from such third-party platform.
We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your activity over time on our Service and other sites and online services, such as:
- Device data, such as your computer or mobile device operating system type and version number, manufacturer and model, browser type, screen resolution, IP address, unique identifiers, the website you visited before browsing to our website, and general location information such as city, state, or geographic area.
- Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.
cookies and other technology
Like many online services, we use technologies to facilitate some of the automatic data collection described above (such as device and online activity data).
Most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser’s settings. Many browsers accept cookies by default until you change your settings. Please note that by turning cookies off, you will not have access to many features available on our Service and they may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.
- Web beacons, also known as pixel tags or clear GIFs. Web beacons are typically used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked, typically to compile statistics about usage of websites and the success of marketing campaigns.
- Local storage. This is used to save data on an individual’s device. We may use data from local storage to, for example, turn on web navigation, store multimedia preferences, customize what we show you based on your past interactions with our Service, and remember your preferences.
- Session-replay technologies. These are third-party software programs that we may use on the Site or in some locations of the Service to record a video replay of user’s interactions with the Service. The video replay may include users’ clicks, mouse movements, scrolls, mobile app touches, typing, and other activity taken during the session. We use these replays for research and development purposes, such as to help us troubleshoot problems with the Service, understand how users interact with and use the Service, and identify areas for improvement.
We do not respond to browser-based “do not track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com. Currently, we do not have any third party sites who push content to our Site.
CHILDREN AND DATA COLLECTION
The Service is not intended for use by anyone under the age of 18, and we do not knowingly collect personal information from minors under 18.
OUR USE OF YOUR PERSONAL INFORMATION
- To provide the Service, including to operate our business and provide our related Service. For example, we use personal information for the following purposes:
- To fulfill your requests for certain products or services;
- To better understand your needs and provide you with more customized service;
- To communicate with you about the Site or our products and services, including providing notices about your account or transaction;
- To respond to any questions or concerns that you may have;
- To establish, manage, monitor, and maintain your account;
- To provide maintenance and support;
- To verify your identity or determine your eligibility for offers or promotions; and
- To fulfill any other purpose for which you provide personal information.
- For research and development, including to study and improve the Service and our business, understand and analyze the usage trends and preferences of our users, and develop new features, functionality, products, and services. As part of these activities, we may create aggregated, de-identified, or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes.
- For direct marketing, such as when we send you ComplianceMetrix-related or other direct marketing communications as permitted by law, including materials, updates, information, special offers, and promotional material from us and our business partners. If you do provide us with personal information we may use the information to contact you, via e-mail, regular mail, telephone or other means, to provide you with information that you requested about specific products or services, provide additional future information about products or services that may be of interest to you, and to learn about and develop products and services. If you do not want this information disclosed you may “opt out” of future contacts at any time by contacting the Privacy Officer, in writing, as described below in the section titled “Contact Information.”
- To comply with laws and regulations where we believe necessary or appropriate, such as lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.
- For compliance, fraud prevention, and safety, including using and disclosing personal information to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) maintain the safety, security, and integrity of the Service, business, databases, and other technology assets; (b) protect our, your, or others’ rights, privacy, safety or property (including by making and defending legal claims); (c) audit our internal processes for compliance with legal and contractual requirements and internal policies; (d) enforce the terms and conditions that govern the Service; and (e) prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
- With your consent, such as in accordance with your prior direction or, in some cases, we may specifically ask you for your consent to collect, use, or share your personal information, such as when required by law.
SHARING OF PERSONAL INFORMATION
Certain features of the Service are designed to or may optionally be set to integrate with the products and services offered by third parties. If you or the organization through which you access the Service is using the Service as part of an integrated platform, we may share your personal information with the third parties with whom our Service is integrated.
If you joined or were added to the Service as an authorized user of your employer, we may share personal information about you with your employer to facilitate the services that we provide to them.
We may also share personal information with third parties who we partner with for advertising campaigns or that collect information about your activity on the Service for the purposes described in the “interest-based advertising” section above.
ComplianceMetrix reserves the right to disclose personal information to a third party if a law, regulation, search warrant, subpoena, or court order legally requires or authorizes us to do so. We may also disclose personal information in the good faith belief that such action is necessary to comply with a legal obligation or for the purposes described above in the section titled “For compliance, fraud prevention, and safety.”
ComplianceMetrix also reserves the right to disclose and/or transfer personal information to a third party in the event of a proposed or actual purchase, sale, lease, merger, amalgamation or any other type of acquisition, disposal, or financing of all or any portion of ComplianceMetrix or of any of the business or assets or shares of ComplianceMetrix or a division thereof.
ComplianceMetrix collects information and data on how the Service is used by visitors and customers (such as, but not limited to, demographic information, search terms used or how customer perform searches and information about the platform and workflow) (the “Usage Data”) and reserves the right to use, modify, and share such Usage Data in its discretion. In the event any personally identifiable information, data, or content is anonymized, ComplianceMetrix and its agents, subcontractors and licensors may use and share such anonymized information without restriction in accordance with applicable laws.
We endeavor to protect your Personal Information using reasonable measures appropriate to the sensitivity of the information in our control. These measures include safeguards to protect Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use and modification.
We endeavor to protect your personal information using reasonable measures appropriate to the sensitivity of the information in our control. These measures include safeguards to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use and modification.
You may report security concerns by contacting email@example.com.
STORAGE, RETENTION, AND ACCURACY OF PERSONAL INFORMATION
ComplianceMetrix retains your Personal Information:
- For so long as your account is active or as needed to provide you with services or to fulfill our contractual obligations;
- As necessary to comply with our legal obligations, resolve disputes, and enforce our agreements; and
- For so long as is necessary for the purposes for which we collected such Personal Information.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
Links to other websites and third parties
PROCESSING PURPOSE (as described above in the “Our Use of Your Personal Information” section)
To Provide the Service
Research and Development
Processing is based on your consent where that consent is required by applicable law. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consented or via the relevant Service.
Where such consent is not required by applicable law, we process your personal information for this purpose based on our legitimate interests in promoting our business and providing you with tailored, relevant content.
To Comply with Laws and Regulations
Processing is necessary to comply with our legal obligations.
For Compliance, Fraud Prevention, and Safety
Processing is necessary to comply with our legal obligations or based on our legitimate interests in protecting our or others’ rights, privacy, safety, or property.
With Your Consent
Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or via the relevant Services.
Where you believe that we have not processed your request or your personal information in accordance with applicable laws, you may contact us or lodge a complaint with the respective supervisory authority or data protection regulator in your jurisdiction. In the European Economic Area, you can find your data protection regulator here. In the United Kingdom, you can find your data protection regulator here.
International transfers of personal information
CMX1 is based in the United States, and we have service providers in the United States and potentially other countries. By using the Site or Service, your personal information may be collected, used, and stored in these countries or other locations outside of your home country. Privacy laws in the locations where we handle your personal information may not be as protective as the privacy laws in your home country.
For our European visitors and customers, if we transfer your personal information to a country outside of Europe such that we are required to apply additional safeguards to your personal information under European data protection laws, we will do so. Please contact using the contact information below for further information about any such transfers or the specific safeguards applied.