February 8th, 2023
No legal services: Caetra is an affiliate of, and controlled by, the law firm of Harris Beach PLLC. Caetra is not in the business of providing legal advice or legal services, and the protections of the client-lawyer relationship (including attorney-client privilege) do not exist with respect to any services provided by Caetra.
1. Use of Subscription Services by Caetra.io and our Customers and/or Vendors
The Caetra.io Subscription Services
Our Subscription Services allow any company that uses them (customers, vendors and Caetra.io itself) to create and share generated or created controls and policies. The Subscription Services can also be used to help organize a customer’s information systems, information types, controls and policies. The information added to the Subscription Services by customers, vendors or by Caetra.io, or customer or vendor contact information, is stored and managed on our service providers’ servers. This information is then used to contact visitors to our site, or users of our Subscription Services, about their interest in Caetra.io’s services and/or to interact with the company. Caetra.io provides the Subscription Services to our customers for their own use in assisting with meeting their information security/ data privacy compliance requirements, and we use them to meet Caetra.io’s related needs.
Use by Caetra.io
Use by Our Customers and/or Vendors
Caetra.io collects information under the direction of its customers and/or vendors. If you are a customer of one of our customers or vendors and would no longer like to be contacted by one of our customers or vendors that use our Subscription Services, please contact the customer or vendor that you interact with directly. We may transfer Personal Information (defined below) to companies that help us provide our service and or facilitate payments. Transfers to subsequent third parties are covered by the service agreements we have with those third parties, which contain all appropriate privacy protections.
This refers to credit or debit card numbers or financial account information or any information that may be used to identify any person. Sensitive information also includes social security numbers, passport numbers, driver’s license numbers or similar personal identifiers, information on racial or ethnic origin, physical or mental health condition or information, or other employment, financial or health information, however, we do not collect any of this information.
2. Information We Collect
When You Visit our Website
You are free to explore the Website without providing any Personal Information about yourself. When you visit the Website or register for the Subscription Services, we request that you provide Personal Information about yourself, and we collect Navigational Information (defined below).
When You Use our Mobile Application[C1]
We use mobile analytics software to allow us to better understand the functionality of our Mobile Apps on your mobile device. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. In addition to information we collect on our Website, when you use our Mobile Apps we may also collect your city location, device model and version, device identifier (or “UDID”), OS version, and your Caetra.io Subscription Services credentials.
We send push notifications from time to time in order to update you about events or promotions. If you no longer wish to receive such communications, you may turn them off at the device level.
We may link information we store within the analytics software to Personal Information you submit within the Mobile App. We do this to improve services we offer you and improve our marketing, analytics and site functionality.
This refers to any information that you voluntarily submit to us and that identifies you personally, including contact information, such as your name, e-mail address, company name, address, phone number, and other information about yourself or your business. Personal Information can also include information about any transactions, both free and paid, that you enter into on the Website or in the Subscription Services, and information about you that is available on the internet, such as from Facebook, LinkedIn, Twitter, and Google, or publicly available information that we acquire from service providers.
Personal Information also includes Navigational Information or Payment Information where such information can directly or indirectly identify an individual.
This refers to information about your computer and your visits to this website such as your IP address, geographical location, browser type, referral source, length of visit, and pages viewed.
This includes the payment information we collect and process from you when you subscribe to the Subscription Services, including credit cards numbers and billing information, using third party PCI-compliant service providers. Except for this, we do not collect Sensitive Information from you.
When you use our services or view content provided by us, we automatically collect information about your computer hardware and software. This information can include your IP address, browser type, domain names, internet service provider (ISP), the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, clickstream data, access times, and referring website addresses. This information is used by Caetra.io for the operation of the Subscription Services, to maintain quality of the Subscription Services, and to provide general statistics regarding use of the Caetra.io Website. For these purposes, we do link this automatically-collected data to Personal Information such as name, email address, address, and phone number.
Information we Collect from Third Parties
From time to time, we may receive Personal Information about you from third-party sources including partners with which we offer co-branded services or engage in joint marketing activities, and publicly available sources such as social media.
Information About Children
The Website is not intended for or targeted at children under 16, and we do not knowingly or intentionally collect information about children under 16. If you believe that we have collected information about a child under 16, please contact us at [privacy@Caetra.io], so that we may delete the information.
You can prevent Google Analytics from recognizing you on return visits to this site by disabling cookies on your browser and/or using the methods to opt-out described in the Behavioral Advertising section of this policy.
3. How We Use Information We Collect
Use of Personal Information
- improve your browsing experience by personalizing the Website and to improve the Subscription Services;
- send information or Caetra.io content to you which we think may be of interest to you by post, email, or other means and send you marketing communications relating to our business;
- promote use of our services to you and share promotional and informational content with you in accordance with your communication preferences;
- provide other companies with statistical information about our users — but this information will not be used to identify any individual user;
- meet legal requirements.
We may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, we do not transfer your Personal Information to the third party.
We use the information collected through our Subscription Services by our customers for the following purposes:
- to provide the Subscription Services (which may include the detection, prevention and resolution of security and technical issues);
- to respond to customer support requests; and
- otherwise to fulfill the obligations under the Caetra.io Customer Terms of Service.
Legal Basis for Processing Personal Information (EEA Visitors Only)
If you are a visitor/customer located in the European Economic Area (“EEA”), Caetra.io is the data controller of your personal information. Caetra.io’s Data Protection Officer can be contacted at privacy@Caetra.io.
Our legal basis for collecting and using the Personal Information described above will depend on the information concerned and the specific context in which we collect it. However, we will normally collect Personal Information from you only where we have your consent to do so, where we need the Personal Information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Information from you.
If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as of the possible consequences if you do not provide your Personal Information). Similarly, if we collect and use your Personal Information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
Use of Navigational Information
We use Navigational Information to operate and improve the Website and the Subscription Services. We may also use Navigational Information alone or in combination with Personal Information to provide you with personalized information about Caetra.io.
Customer Testimonials and Comments
We post customer testimonials and comments on our Website, which may contain Personal Information. We obtain each customer’s consent via email prior to posting the customer’s name and testimonial.
Use of Credit Card Information
If you give us credit card information, we use it solely to check your financial qualifications and collect payment from you. We use a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use information you provide except for the sole purpose of credit card processing on our behalf.
Security of your Personal Information
We use a variety of security technologies and procedures to help protect your Personal Information from unauthorized access, use, or disclosure. We secure the Personal Information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. All Personal Information is protected using appropriate physical, technical, and administrative measures.
Social Media Features
We offer publicly accessible message boards, blogs, and community forums. Please keep in mind that if you directly disclose any information through our public message boards, blogs, or forums, this information may be collected and used by others. We are not responsible for any third party’s use of information you disclose through our public message boards, blogs, or forums, though we will correct or delete any information you have posted on the Website if you so request, as described in “Opting Out and Unsubscribing” below.
Retention of Personal Information
How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible, then we will securely store your information and isolate it from any further use until deletion is possible.
We retain Personal Information that you provide to us where we have an ongoing legitimate business need to do so (for example, as long as is required in order to contact you about the Subscription Services or our other services, or as needed to comply with our legal obligations, resolve disputes and enforce our agreements).
When we have no ongoing legitimate business need to process your Personal Information, we securely delete the information or anonymize it or, if this is not possible, then we will securely store your Personal Information and isolate it from any further processing until deletion is possible. We will delete this information from the servers at an earlier date if you so request, as described in “To Unsubscribe from Our Communications” below.
If you provide information to our customers as part of their use of the Subscription Services as a vendor, our customers decide how long to retain the Personal Information they collect from you or that you retain on their behalf. If a customer terminates its use of the Subscription Services, then we will provide customer with access to all information stored for the customer by the Subscription Services, including any Personal Information provided by you, for export by the customer according to our agreement with our customer. After termination, we may, unless legally prohibited, delete all customer information, including all Personal Information, from the Subscription Services.
If you have elected to receive marketing communications from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our content, products, or services, such as when you last opened an email from us or ceased using your Caetra.io account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
4. How we Share Information we Collect
We employ affiliated companies or our parent company to provide services to visitors to our Website and users of the Subscription Services and may need to share your information with them to provide information, products or services to you. Examples may include supplementing the information you provide us in order to provide you with better service, and providing customer service or support. In all cases where we share your information with such affiliated companies or our parent company, we explicitly require the agent to acknowledge and adhere to our privacy and customer data handling policies.
In addition, we may share data with trusted partners to contact you based on your request to receive such communications, help us perform statistical analysis, or provide customer support. Such third parties are prohibited from using your Personal Information except for these purposes, and they are required to maintain the confidentiality of your information.
If we (or our assets) are acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information gathered by Caetra.io on the Website and the Subscription Services. In this event, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your Personal Information, and choices you may have regarding your Personal Information.
We reserve the right to use or disclose your Personal Information if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.
5. International Transfer of Information
International Transfers within Caetra.io’s Entities
To facilitate our global operations, we may transfer information to or from either the European Union (“EU”) , Bermuda or the United States and allow access to that information from countries in which the Caetra.io affiliated entities have operations for the purposes described in this policy.
International Transfers to Third Parties
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield
Caetra.io participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from EU member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List: [https://www.privacyshield.gov]
Caetra.io is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Caetra.io is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
6. Cookies and Similar Technologies
What Are Cookies?
Navigational Information Collected by Our Customers
Our customers can use the tools we provide, as well as tools provided by third parties, to collect Navigational Information when you visit their webpages on the Subscription Services. Caetra.io does not control our customers’ use of these tools, nor do we control the information they collect or how they use it.
Flash Cookies and Other Third-Party Tracking Technologies
The Adobe Flash Player (and similar applications) use technology to remember settings, preferences and usage similar to browser cookies but these are managed through a different interface than the one provided by your Web browser. This technology creates locally stored objects that are often referred to as “Flash cookies.” Caetra.io does not use Flash cookies.
Third-Party Tracking Technologies
7. How to Access & Control Your Personal Data
Reviewing, Correcting and Removing Your Personal Information
You have the following data protection rights:
- You can request access, correction, updates or deletion of your personal information.
- You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information.
- If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. Contact details for data protection authorities in the EEA, Switzerland and certain non-European countries (including the US and Canada) are available here.
To exercise any of these rights, please contact us at privacy@Caetra.io or by mail to Caetra.io, Inc., 99 Garnsey Road, Pittsford, NY, 14534 USA, Attn: Privacy. We will respond to your request to change, correct, or delete your information within a reasonable timeframe and notify you of the action we have taken.
To Unsubscribe From Our Communications
You may unsubscribe from our marketing communications by contacting us at privacy@Caetra.io or postal mail to Caetra.io, Inc., 99 Garnsey Road, Pittsford, NY, 14534 USA, Attn: Privacy or as directed in any email or other notice. Customers cannot opt out of receiving transactional emails related to their account with us or the Subscription Services.
99 Garnsey Road
Rochester, NY 14534 USA