CAETRA.IO

PRIVACY POLICY

We at Caetra.io (Caetra.io, Inc. and our affiliates and/or subsidiaries) are committed to protecting your privacy. This Privacy Policy applies to both our Website (www.Caetra.io) and our Subscription Services, currently consisting of CyMetric™, including any associated mobile applications (Mobile Apps) owned and controlled by Caetra.io. This Privacy Policy governs our data collection, processing and usage practices. It also describes your choices regarding use, access and correction of your personal information. If you do not agree with the data practices described in this Privacy Policy, you should not use the Website or the Subscription Services.

We periodically update this Privacy Policy. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice by sending you an email notification (assuming you have consented to receiving email from us), or if you subscribe to the Subscription Services, through the Notification app in your Caetra.io portal.

While we will notify you of any material changes to this Privacy Policy, we encourage you to review this Privacy Policy periodically. We will also keep prior versions of this Privacy Policy in an archive for your review.

If you have any questions about this Privacy Policy or our treatment of the information you provide us, please write to us by email at [privacy@Caetra.io] or by mail to Caetra.io, Inc., 99 Garnsey Road, Pittsford, NY, 14534 USA, Attn: Privacy.

No legal services: Caetra is an affiliate of, and controlled by, the law firm of Harris Beach PLLC. Caetra is not in the business of providing legal advice or legal services, and the protections of the client-lawyer relationship (including attorney-client privilege) do not exist with respect to any services provided by Caetra.

1. Use of Subscription Services by Caetra.io and our Customers and/or Vendors

The Caetra.io Subscription Services

Our Subscription Services allow any company that uses them (customers, vendors and Caetra.io itself) to create and share generated or created controls and policies. The Subscription Services can also be used to help organize a customer’s information systems, information types, controls and policies. The information added to the Subscription Services by customers, vendors or by Caetra.io, or customer or vendor contact information, is stored and managed on our service providers’ servers. This information is then used to contact visitors to our site, or users of our Subscription Services, about their interest in Caetra.io’s services and/or to interact with the company. Caetra.io provides the Subscription Services to our customers for their own use in assisting with meeting their information security/ data privacy compliance requirements, and we use them to meet Caetra.io’s related needs.

Use by Caetra.io

Information collected from customers, vendors or visitors to our website is used to contact visitors, or users of our Subscription Services, about their interest in Caetra.io’s services and/or to interact with the company. Caetra.io uses this information to meet Caetra.io’s related needs and/or develop new products or Subscription Services. Information that we collect and manage using the Subscription Services or our Website for our own marketing belongs to us and is used, disclosed and protected according to this Privacy Policy.

Use by Our Customers and/or Vendors

Our customers and/or vendors use the Subscription Services to create and share generated, or created, controls and policies. The Subscription Services also allow customers or vendors to create an inventory of information systems, information types, controls and polices and to also assess and otherwise test their controls and policies. Caetra.io processes our customers’ and/or vendors’ information as they direct and in accordance with our agreements with our customers and vendors, and we store it on our service providers’ servers. Our agreements with our customers prohibit us from using that information, except as necessary to provide and improve the Subscription Services, as permitted by this Privacy Policy, and as required by law. Caetra.io acknowledges that you have the right to access your Personal Information. Our customers and vendors control and are responsible for correcting, deleting or updating information they have input into our Subscription Services. If requested to remove data, either via our email [privacy@caetra.io] or by regular mail or phone as provided below, we will respond within a reasonable timeframe and within all appropriate regulatory frameworks and statutory/regulatory requirements and comply with such request as provided below (see Section 7). Our agreements with our customers prohibit them from using the Subscription Services to collect, manage, or process Sensitive Information (defined below) of others. We are not responsible for our customers’ or Vendors’ use of information they collect using the Subscription Services or our Website once it leaves our Subscription Services or servers.

Caetra.io collects information under the direction of its customers and/or vendors. If you are a customer of one of our customers or vendors and would no longer like to be contacted by one of our customers or vendors that use our Subscription Services, please contact the customer or vendor that you interact with directly. We may transfer Personal Information (defined below) to companies that help us provide our service and or facilitate payments. Transfers to subsequent third parties are covered by the service agreements we have with those third parties, which contain all appropriate privacy protections.

“Sensitive Information”

This refers to credit or debit card numbers or financial account information or any information that may be used to identify any person. Sensitive information also includes social security numbers, passport numbers, driver’s license numbers or similar personal identifiers, information on racial or ethnic origin, physical or mental health condition or information, or other employment, financial or health information, however, we do not collect any of this information.

2. Information We Collect

When You Visit our Website

You are free to explore the Website without providing any Personal Information about yourself. When you visit the Website or register for the Subscription Services, we request that you provide Personal Information about yourself, and we collect Navigational Information (defined below).

When You Use our Mobile Application[C1]

We use mobile analytics software to allow us to better understand the functionality of our Mobile Apps on your mobile device. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. In addition to information we collect on our Website, when you use our Mobile Apps we may also collect your city location, device model and version, device identifier (or “UDID”), OS version, and your Caetra.io Subscription Services credentials.

We send push notifications from time to time in order to update you about events or promotions. If you no longer wish to receive such communications, you may turn them off at the device level.

We may link information we store within the analytics software to Personal Information you submit within the Mobile App. We do this to improve services we offer you and improve our marketing, analytics and site functionality.

“Personal Information”

This refers to any information that you voluntarily submit to us and that identifies you personally, including contact information, such as your name, e-mail address, company name, address, phone number, and other information about yourself or your business. Personal Information can also include information about any transactions, both free and paid, that you enter into on the Website or in the Subscription Services, and information about you that is available on the internet, such as from Facebook, LinkedIn, Twitter, and Google, or publicly available information that we acquire from service providers.

Personal Information also includes Navigational Information or Payment Information where such information can directly or indirectly identify an individual.

“Navigational Information”

This refers to information about your computer and your visits to this website such as your IP address, geographical location, browser type, referral source, length of visit, and pages viewed.

“Payment Information”

This includes the payment information we collect and process from you when you subscribe to the Subscription Services, including credit cards numbers and billing information, using third party PCI-compliant service providers. Except for this, we do not collect Sensitive Information from you.

Log Files

When you use our services or view content provided by us, we automatically collect information about your computer hardware and software. This information can include your IP address, browser type, domain names, internet service provider (ISP), the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, clickstream data, access times, and referring website addresses. This information is used by Caetra.io for the operation of the Subscription Services, to maintain quality of the Subscription Services, and to provide general statistics regarding use of the Caetra.io Website. For these purposes, we do link this automatically-collected data to Personal Information such as name, email address, address, and phone number.

Information we collect from third parties

From time to time, we may receive Personal Information about you from third-party sources including partners with which we offer co-branded services or engage in joint marketing activities, and publicly available sources such as social media.

Information About Children

The Website is not intended for or targeted at children under 16, and we do not knowingly or intentionally collect information about children under 16. If you believe that we have collected information about a child under 16, please contact us at [privacy@Caetra.io], so that we may delete the information.

3. How We Use Information We Collect

Compliance with Our Privacy Policy

We use the information we collect only in compliance with this Privacy Policy. Customers who subscribe to our Subscription Services are obligated through our agreements with them to comply with this Privacy Policy. We will never sell your Personal Information to any third party.

Use of Personal Information

In addition to the uses identified elsewhere in this Privacy Policy, we may use your Personal Information to:
● improve your browsing experience by personalizing the Website and to improve the Subscription Services;
● send information or Caetra.io content to you which we think may be of interest to you by post, email, or other means and send you marketing communications relating to our business;
● promote use of our services to you and share promotional and informational content with you in accordance with your communication preferences;
● provide other companies with statistical information about our users — but this information will not be used to identify any individual user;
● send information to you regarding changes to our Customer Terms of Service, Privacy Policy (including the Cookie Policy), or other legal agreements
● meet legal requirements.

We may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, we do not transfer your Personal Information to the third party.

We use the information collected through our Subscription Services by our customers for the following purposes:
● to provide the Subscription Services (which may include the detection, prevention and resolution of security and technical issues);
● to respond to customer support requests; and
● otherwise to fulfill the obligations under the Caetra.io Customer Terms of Service.

Legal basis for processing Personal Information (EEA visitors only)

If you are a visitor/customer located in the European Economic Area (“EEA”), Caetra.io is the data controller of your personal information. Caetra.io’s Data Protection Officer can be contacted at privacy@Caetra.io.com.

Our legal basis for collecting and using the Personal Information described above will depend on the information concerned and the specific context in which we collect it. However, we will normally collect Personal Information from you only where we have your consent to do so, where we need the Personal Information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Information from you.

If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as of the possible consequences if you do not provide your Personal Information). Similarly, if we collect and use your Personal Information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.

Use of Navigational Information

We use Navigational Information to operate and improve the Website and the Subscription Services. We may also use Navigational Information alone or in combination with Personal Information to provide you with personalized information about Caetra.io.

Customer Testimonials and Comments

We post customer testimonials and comments on our Website, which may contain Personal Information. We obtain each customer’s consent via email prior to posting the customer’s name and testimonial.

Use of Credit Card Information

If you give us credit card information, we use it solely to check your financial qualifications and collect payment from you. We use a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use information you provide except for the sole purpose of credit card processing on our behalf.

Security of your Personal Information

We use a variety of security technologies and procedures to help protect your Personal Information from unauthorized access, use, or disclosure. We secure the Personal Information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. All Personal Information is protected using appropriate physical, technical, and administrative measures.

Social Media Features

Our Website includes Social Media Features, such as the Facebook “Like” button and Widgets, such as the “Share This” button or interactive mini-programs that run on our sites. These features may collect your IP address, which page you are visiting on our sites, and may set a cookie to enable the feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Website. This Privacy Policy does not apply to these features. Your interactions with these features are governed by the privacy policy and other policies of the companies providing them and are not controlled by Caetra.io, its affiliates, or subsidiaries.

External Websites

Our Website provides links to other website(s). We do not control, and are not responsible for the content or practices of, these other Website(s). Our provision of such links does not constitute our endorsement of these other Website(s), their content, their owners, or their practices. This Privacy Policy does not apply to these other website(s), which are subject to any privacy and other policies they may have. We are not responsible for any electronic communications or data that are delayed, lost, altered, intercepted, or stored during the transmission of any data across networks not owned and/or operated by us, including but not limited to, the Internet and your own local network.

Public Forums

We offer publicly accessible message boards, blogs, and community forums. Please keep in mind that if you directly disclose any information through our public message boards, blogs, or forums, this information may be collected and used by others. We are not responsible for any third party’s use of information you disclose through our public message boards, blogs, or forums, though we will correct or delete any information you have posted on the Website if you so request, as described in “Opting Out and Unsubscribing” below.

Retention of Personal Information

How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible, then we will securely store your information and isolate it from any further use until deletion is possible.

We retain Personal Information that you provide to us where we have an ongoing legitimate business need to do so (for example, as long as is required in order to contact you about the Subscription Services or our other services, or as needed to comply with our legal obligations, resolve disputes and enforce our agreements).

When we have no ongoing legitimate business need to process your Personal Information, we securely delete the information or anonymize it or, if this is not possible, then we will securely store your Personal Information and isolate it from any further processing until deletion is possible. We will delete this information from the servers at an earlier date if you so request, as described in “To Unsubscribe from Our Communications” below.

If you provide information to our customers as part of their use of the Subscription Services as a vendor, our customers decide how long to retain the Personal Information they collect from you or that you retain on their behalf. If a customer terminates its use of the Subscription Services, then we will provide customer with access to all information stored for the customer by the Subscription Services, including any Personal Information provided by you, for export by the customer according to our agreement with our customer. After termination, we may, unless legally prohibited, delete all customer information, including all Personal Information, from the Subscription Services.

If you have elected to receive marketing communications from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our content, products, or services, such as when you last opened an email from us or ceased using your Caetra.io account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.

4. How we Share Information we Collect

Service Providers

We employ affiliated companies or our parent company to provide services to visitors to our Website and users of the Subscription Services and may need to share your information with them to provide information, products or services to you. Examples may include supplementing the information you provide us in order to provide you with better service, and providing customer service or support. In all cases where we share your information with such affiliated companies or our parent company, we explicitly require the agent to acknowledge and adhere to our privacy and customer data handling policies.

Caetra.io Partners

In addition, we may share data with trusted partners to contact you based on your request to receive such communications, help us perform statistical analysis, or provide customer support. Such third parties are prohibited from using your Personal Information except for these purposes, and they are required to maintain the confidentiality of your information.

Corporate Events

If we (or our assets) are acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information gathered by Caetra.io on the Website and the Subscription Services. In this event, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your Personal Information, and choices you may have regarding your Personal Information.

Compelled Disclosure

We reserve the right to use or disclose your Personal Information if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.

5. International Transfer of Information

International Transfers within Caetra.io’s Entities

To facilitate our global operations, we may transfer information to or from either the European Union (“EU”) , Bermuda or the United States and allow access to that information from countries in which the Caetra.io affiliated entities have operations for the purposes described in this policy.

This Privacy Policy shall apply even if we transfer Personal Information to other countries. We have taken appropriate safeguards to require that your Personal Information will remain protected. When we share information about you within and among Caetra.io’s affiliated entities, we make use of standard contractual data protection clauses, which have been approved by the appropriate authorities where applicable, and we rely on the EU-U.S. and Swiss-U.S. Privacy Shield Framework to safeguard the transfer of information we collect from the European Economic Area and Switzerland. Please see our Privacy Shield notice below for more information.

International transfers to third parties

Some of the third parties described in this privacy policy, which provide services to us under contract, may be based in other countries that may not have equivalent privacy and data protection laws to the country in which you reside.

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield

Caetra.io participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from EU member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List: [https://www.privacyshield.gov]

Caetra.io is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Caetra.io is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

6. Cookies and Similar Technologies

Cookies

Caetra.io and its partners use cookies or similar technologies (such as web beacons) to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole.

What Are Cookies?

A cookie is a very small text document, which often includes an anonymous unique identifier. When you visit a website, that site’s computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies. Each website can send its own cookie to your browser if your browser’s preferences allow it, but (to protect your privacy) your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other sites. Browsers are usually set to accept cookies. However, if you would prefer not to receive cookies, you may alter the configuration of your browser to refuse cookies. If you choose to have your browser refuse cookies, it is possible that some areas of our site will not function as effectively when viewed by users who accept cookies. A cookie cannot retrieve any other data from your hard drive or pass on computer viruses.

Navigational Information Collected by Our Customers

Our customers can use the tools we provide, as well as tools provided by third parties, to collect Navigational Information when you visit their webpages on the Subscription Services. Caetra.io does not control our customers’ use of these tools, nor do we control the information they collect or how they use it.

Flash Cookies and Other Third-Party Tracking Technologies

The Adobe Flash Player (and similar applications) use technology to remember settings, preferences and usage similar to browser cookies but these are managed through a different interface than the one provided by your Web browser. This technology creates locally stored objects that are often referred to as “Flash cookies.” Caetra.io does not use Flash cookies.

Advertising

We may partner with a third party ad network to either display advertising on our Web site or to manage our advertising on other sites. Our ad network partner may use cookies and Web beacons to collect information about your activities on this and other Web sites to provide you targeted advertising based upon your interests. If you wish to not have this information used for the purpose of serving you targeted ads, you may opt-out by contacting those third-party networks directly.

Third-Party Tracking Technologies

The use of cookies and web beacons by any tracking utility company is not covered by our Privacy Policy.

7. How to Access & Control Your Personal Data

Reviewing, Correcting and Removing Your Personal Information

You have the following data protection rights:
● You can request access, correction, updates or deletion of your personal information.
● You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information.
● If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
● You have the right to complain to a data protection authority about our collection and use of your personal information. Contact details for data protection authorities in the EEA, Switzerland and certain non-European countries (including the US and Canada) are available here.)

To exercise any of these rights, please contact us at privacy@Caetra.io.com or by mail to Caetra.io, Inc., 99 Garnsey Road, Pittsford, NY, 14534 USA, Attn: Privacy. We will respond to your request to change, correct, or delete your information within a reasonable timeframe and notify you of the action we have taken.

Anti-Spam Policy

Our Terms and Conditions and Privacy Policy applies to us and to our customers and, among other things, prohibits the use of the Subscription Services to send unsolicited commercial email in violation of applicable laws. We require all of our customers and/or vendors to agree to adhere to the Terms and Conditions and Privacy Policy at all times, and any violations of the Terms and Conditions and Privacy Policy by a customer or vendor can result in immediate suspension or termination of the Subscription Services for that customer or vendor.

To Unsubscribe From Our Communications

You may unsubscribe from our marketing communications by contacting us at privacy@Caetra.io.com or postal mail to Caetra.io, Inc., 99 Garnsey Road, Pittsford, NY, 14534 USA, Attn: Privacy or as directed in any email or other notice. Customers cannot opt out of receiving transactional emails related to their account with us or the Subscription Services.

Contact

Caetra may be contacted under the Privacy Policy, or for any other reason relating to privacy of information or data integrity, at the following address(es):

Caetra.io, Inc.

99 Garnsey Road

Rochester, NY 14534

USA

Attn: Privacy.

Email: privacy@caetra.io