Last updated Date: 25th March, 2021
This policy applies to users (“Users”) of our website, www.cereb.ai (the “Site”) and our Customers’ users (“Customer Users”) of our SaaS products located at platform.cereb.ai (the “Services”). This Policy also applies to any of our other websites/services that post or link to this Policy.
Your use of our Services indicates your acknowledgement of the practices described in this Policy.
Information We Collect:
This Policy describes our processing of information that relates to identified or identifiable individuals (“Personal Data”) through the Site and Services. We collect and process the following categories of Personal Data (note, specific Personal Data elements are examples and may change):
- Identity Data. Personal Data about you and your identity, such as your name, username, biographic/profile data, employer information, and other Personal Data you may provide on registration forms or in an account profile.
- Contact Data.Personal Data used to contact an individual, e.g. email address, physical address, or phone number.
- Device/Network Data. Personal Data relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, unique IDs, session history and similar browsing metadata, and other data from cookies and similar technologies.
- Inference Data.Personal Data inferred about personal characteristics and preferences, such as demographics, interests, behavioral patterns, psychological trends, predispositions, or behavior.
We collect Personal Data from various sources based on the context in which the Personal Data will be processed:
- Data we collect from you. We collect Personal Data from you directly, for example, when you input information into an online form, or contact us directly.
- Data we receive from others. We receive Personal Data from third parties with whom we have a relationship, for example, our Customers or service providers.
- Data collected automatically. We may collect certain Personal Data automatically as part of your use of our Site/Services. For example, we collect Device/Network Data automatically using cookies and similar technologies when you use our Sites.
- We do not intentionally or knowingly collect personal information regarding children who are under 18 years of age.
- We reserve the right to access and verify any personal information collected from you by us. In the event that we become aware that an individual under the age of 18 has shared any personal information, we will discard such information. If you have any reason to believe that a minor has shared any information with us, it will be advisable to contact us at: email@example.com@cereb.ai.
Processing of Personal Data:
Our Service. We will process Identity Data, Device/Network Data, and Contact Data when Customer Users register for an account on our Service. We use this information as necessary in connection with the creation, operation, and maintenance of the account and as necessary to fulfill our contractual obligations to Customers, Customers Users, and related operations.
Processing on behalf of our Customers. Our Service, either directly or indirectly through connected third parties, transmits Customer data from Customer controlled applications and data stores to other Customer controlled applications and data stores. This data may include Personal Data from the Customer’s Users or other third parties with whom Cereb has no relationship. Cereb does not review Customer data, and Customer data is encrypted in transit and storage, if applicable, while waiting to be processed.
Contacting Us. When you contact us through the Site, we process certain Personal Data such as Identity Data, Contact Data, Device/Network Data and other Personal Data you may provide us. We use this data as necessary to communicate with you about the subject matter of your request and related matters.
Processing on our Site. We may collect Device/Network Data and Inference Data and combine it with other information when you interact with cookies and similar technologies on our Site. We may receive this data (or aggregate analytics derived from it) from third parties to the extent allowed by the applicable partner. We may use this information as follows:
- for “essential” or “functional” purposes, such as to enable certain features of the Services, or keeping you logged in during a session;
- for “analytics” and “personalization” purposes, consistent with our business interest in how the Services are used or perform, how users engage with and navigate through our Service, what sites users visit before visiting the Service, how often they visit the Service, and other similar information, as well as to greet Users by name and modify the appearance of the Service to usage history, tailor the Service based on geographic location or Customer, and understand the characteristics of Users in various technical and geographic contexts; and
- for “retargeting” or similar advertising purposes on our Site, so that you can see advertisements from us on other websites. These technologies and the data they collect, may be used by advertisers to deliver ads that are more relevant to you based on content you have viewed, including content on our Sites. These tracking technologies may also help prevent you from seeing the same advertisements too many times and to help us understand whether you have interacted with or viewed ads we’ve delivered to you. This data collection may take place both on our Sites and third-party websites that participate in the ad network (e.g. including as part of advertisements delivered by that ad network on a third-party website).
Specific Purposes of Processing:
We use any Personal Data we control in connection with our legitimate interests in sending direct marketing communications, and the aggregate analytics, internal processes and service improvement, and for the other lawful purposes described below.
- We may process Identity Data, Device/Network Data, Contact Data, Inference Data, and information from your communications with us in connection with email marketing communications, including, where allowed: (i) when you register for an account, and choose to enroll, or are enrolled by the Customer, to receive marketing communications; (ii) when you contact us directly, or express an interest in our products and services; and (iii) when you open or interact with our marketing communications. We use this data as necessary to provide marketing communications, consistent with our legitimate business interests, and when you interact with our communications in connection with our legitimate interest in understanding communication response and open rates.
- Aggregated Personal Data:In an ongoing effort to better understand and serve the Users of the Services, Cereb often conducts research and creates Inference Data from data processed on our Site and Service. This research may be compiled and analyzed on an aggregate basis, and Cereb may share this aggregate data with its affiliates, agents and business partners. Cereb may also disclose aggregated User statistics in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes. Cereb and its affiliates may use this information to contact you in the future to tell you about services we believe will be of interest to you.
- Internal Process and Service Improvement.We may use any Personal Data we process through our Site or Services as necessary in connection with our business interests in improving the design of our Site/Services, to create a personalized User experience (such as greeting you by name, or associating Customer Users with Customers), and for ensuring the security and stability of the Site/Services. For example, we may use Personal Data to understand what parts of our Site or Services are most relevant to Users, how Users interact with various aspects of our Site/Services, how our Site/Services perform or fail to perform, etc., or we may analyze use of the Site/Services to determine if there are specific activities that might indicate an information security risk to the Site/Services or our Customers and Authorized Users.
- Miscellaneous processing.If we process Personal Data in connection with our Services in a way not described in this Policy, Cereb will process the Personal Data in a manner that is consistent with this Policy. If Cereb intends on using any Personal Data in any manner that is not consistent with this Policy, you will be informed of such anticipated use prior to processing. Note that we may, without your consent, process your Personal Data on certain public interest grounds. For example, we may process Personal Data as necessary to fulfill our legal obligations, to protect the vital interests of any individuals, or otherwise in the public interest. Please see the data sharing section for more information about how we disclose Personal Data in extraordinary circumstances.
Our Disclosure of Your Personal Data and Other Information:
We may share your Personal Data with certain third parties without further notice to you, as set forth below:
- Customers:We process data on behalf of Customers, and may share Personal Data with Customers to the extent such information was provided to us for processing on the Customer’s behalf, or in the event the Customer has a legitimate business purpose for receiving the information. For example, Customer Users’ account information (for example name and email) may be made available to the relevant Customer as necessary to document Customer use of the Service, or as appropriate to ensure the security of Customer accounts.
- Business Transfers:In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred assets, or we may disclose certain Personal Data as part of the due diligence process.
- Related Companies:In order to streamline certain business operations, improve our products and services that better meet the interests and needs of our customers, and for other purposes consistent with this Policy, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.
- Service Providers:In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other lawful business interests, we may share Personal Data with service providers or subprocessors who perform certain services or process data on our behalf e.g. cloud services and payment processing. When we employ another entity to perform a function of this nature, we only provide them with the information that they need to perform their specific function. ; we may also share the information we collect about you with cloud computing service providers (e.g., Google Cloud (GCP) and Amazon Cloud Services (AWS)) in order to store or process information on our behalf;
- Legal Requirements:Cereb may disclose your Personal Data if required to do so by law such as to comply with a subpoena, bankruptcy proceedings, or similar legal process or in the good faith belief that such action is necessary to (i) comply with a legal obligation or request, (ii) protect and defend the rights or property of Cereb, (iii) act in urgent circumstances to protect the safety or vital interests of an individual or the public, or (iv) protect against legal liability.
- Consent/direction.We may also disclose your personal information to any other third party with your prior consent or as you direct.
- Data Sale:For purposes of the General Data Protection Regulation and California Consumer Privacy Act, we do not sell your Personal Data.
Your Rights and Choices:
You may have the following rights in and choices regarding the processing of your Personal Data, depending on the laws applicable to you, and subject to our rights to limit or deny access/disclosure under such laws:
- Right to Access: You may receive a list of Personal Data processed by Cereb.
- Right to Rectification: You may correct inaccurate Personal Data and ensure it is reasonably complete.
- Right to Erasure: You may request that we delete certain Personal Data.
- Restriction: You may request that we restrict processing of your Personal Data where we have no lawful basis to do so.
- Portability: You may request that we send you a copy of your Personal Data in a common, portable format of our choice.
- Objection: You may to object to any processing of your Personal Data carried out on the basis of our legitimate interests.
- Withdraw Consent: You may withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal.
- Direct Marketing: You have the choice to opt-out of or withdraw your consent to processing related to direct marketing communications. You may have a legal right not to receive such messages in certain circumstances, in which case, you will only receive direct marketing communications if you consent. Each marketing communication we send you will contain instructions permitting you to “opt-out” of receiving future marketing communications. In addition, if at any time you wish not to receive any future marketing communications or you wish to have your name deleted from our mailing lists, please contact us as indicated below. To opt-out of the collection of information relating to email opens, configure your email so that it does not load images in our emails.
- Arbitration:The possibility, under certain conditions, for the individual to invoke binding arbitration to resolve claims under the EU-U.S. Privacy Shield Framework.
- California Rights: Residents of California (and others to the extent required by applicable law) may have the right to request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year. You may also request that we provide you a copy of your Personal Data, direct us to stop selling or disclosing Personal Data for certain purposes (if we have done so), and to receive information regarding: (1) the categories of Personal Data we have collected about you, or that we have sold, or disclosed for a commercial purpose; (2) the categories of sources from which your Personal Data was collected; (3) the business or commercial purpose for which we collected or sold your Personal Data; (4) the categories of third parties with whom we have disclosed your Personal Data, or sold, or disclosed it for a business purpose; and (5) the specific elements of Personal Data we have collected about you.
You may exercise your rights by contacting us at the address below and submitting a request. We respond to only verifiable requests, and we may require that you provide additional Personal Data before you are eligible to exercise these rights, e.g. information necessary to verify your identity.
Note, we can directly fulfill rights requests only regarding Personal Data that we control, which excludes data controlled by our Customers. Please contact the third party directly to exercise your rights in your Personal Data. To the extent permitted by law, Cereb will cooperate with any requests to third parties that relates to Personal Data we process.
Links to Other Web Sites:
Cereb takes reasonable steps to protect the Personal Data provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from the Services may not be secure. Therefore, you should take special care in deciding what information you send to us via email.
We may retain your information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes and enforce our agreements.
Our Sites are neither directed at nor intended for use by minors under the age of majority in the relevant jurisdiction. Further, we do not knowingly collect Personal Data from such individuals. If we learn that we have inadvertently done so, we will promptly delete it.
If you provide Personal Data to the Services, you acknowledge and agree that such Personal Data may be transferred from your current location to the servers for which your solutions have been configured within Cereb and the authorized third parties referred to herein located in the United States.
Changes to Cereb Policy:
Cereb reserves the right to update or modify this Policy at any time and from time to time without prior notice. Please review this policy periodically, and especially before you provide any Personal Data. This Policy was last updated on the date indicated above. Your continued use of the Services after any changes or revisions to this Policy shall indicate your agreement with the terms of such revised Policy.
If you reside in the European Economic Area (“EEA”) or Switzerland, you may have additional rights with respect to your Personal Data, as further outlined below. These rights may include rights under the EU’s General Data Protection Regulation (“GDPR”), if you are a resident of the EEA or Switzerland.
For purposes of the GDPR, Cereb Intelligence Limited. will be the controller of your Personal Data processed pursuant to this Policy, except where specified otherwise. If you have any questions about whether any of the foregoing applies to you, please contact us using the information set forth in the “Contact Information” section below. Your Personal Data may be transferred to the U.S. under the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield frameworks, EU’s Standard Contractual Clauses, or other adequacy mechanisms, or pursuant to exemptions provided under EU law. Contact us for more information regarding the mechanisms we use to ensure adequate protection of data subject to EU Law.
We welcome your comments or questions about this Policy.
You may email us at firstname.lastname@example.org