This Privacy Notice describes how we collect and use personal data. It covers activities other than those performed in relation to Immuta SaaS offering.
For a description of our processing activities in relation to Immuta SaaS offering see here.
For our cookie notice see here.
Personal data we collect and process
Personal data we collect may include names, emails, job titles, phone numbers, addresses, IP addresses, conversations, attended events, browsing data such as web browser, pages viewed, time spent on pages, and links clicked, professional or business related interests and characteristics and communication traits.
How we collect personal data
Personal data may either be collected directly from the concerned individuals, sometimes with the help of our service providers, such as our website host or analytics tools, or by other third parties such as our marketing and business partners or our data analytics and lead generation tools.
Cookies
When you visit our website, we may obtain certain information by automated means, such as cookies, web beacons, web server logs and other technologies. A “cookie” is a text file that websites send to a visitor’s computer or other internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an internet tag, pixel tag, or clear GIF, links web pages to web servers and cookies and may be used to transmit information collected through cookies back to a web server.
We may use these automated technologies on our website to collect information about your equipment, browsing actions and usage patterns. These technologies help us (1) remember your information so you do not have to re-enter it; (2) track and understand how you use and interact with our website; (3) tailor the website around your preferences; (4) measure the usability of our website and the effectiveness of our communications; and (5) otherwise manage and enhance our products and services, and help ensure they are working properly.
Your browser may tell you how to be notified about certain types of automated collection technologies and how to restrict or disable them. Please note, however, that without these technologies, you may not be able to use all of the features of our website. For mobile devices, you can manage how your device and browser share certain device data by adjusting the privacy and security settings on your mobile device.For more information on our use of cookies and similar technologies, click here to review our cookie notice.
Interest-Based Advertising
On our website, we may obtain information about your online activities to provide you with advertising about products and services that may be tailored to your interests. You may see our ads on other websites because we use third-party ad services. Through these ad services, we can target our messaging to users based on demographic data, users’ inferred interests and browsing context. These services track your online activities over time and across multiple websites and apps by collecting information through automated means, including through the use of cookies, web server logs, web beacons and other similar technologies. The ad services use this information to show you ads that may be tailored to your individual interests. The information ad services may collect includes data about your visits to websites that serve advertisements, such as the pages or ads you view and the actions you take on the websites or apps. This data collection takes place both on our website and on third-party websites and apps that participate in these ad services. This process also helps us track the effectiveness of our marketing efforts. The website is not designed to respond to “do not track” signals from browsers. No generally accepted standards currently exist on how websites must respond to “do not track” signals. In the event a final standard is established, we will assess how to respond to these signals.
To learn how to opt out of interest-based advertising, please visit www.aboutads.info/choices and https://www.networkadvertising.org/choices/.
Third Party Analytics Services
We may use third-party analytics services on our website, such as Google Analytics. The information we obtain through the website may be disclosed to or collected directly by these services. To learn more about Google Analytics, please visit https://www.google.com/policies/privacy/partners/. To opt-out of Google Analytics, please visit https://tools.google.com/dlpage/gaoptout.
How we use personal data
We use personal data to:
- Communicate with you and respond to your questions about our products and services, e.g., through the chat box, emails, phone calls
- Promote new products and services that may be of interest to your organization and invite you to showcase events and demos
- Assess and improve the quality of the content we produce and make available on our website and more generally managing our website
- Analyze our products, services and customer base, assess and improve the quality of our products and services
- Prevent and detect fraud and abuse
- Maintain the security of our services
- Performing accounting, and other internal functions such as internal reporting, generating statistics to identify trends and opportunities
- Prepare for and engage in internal and external audits and similar assurance-providing processes and procedures
- Prepare for, engage in, complete, or follow up on mergers, acquisitions, or similar corporate transactions
- Prepare for, and engage in, dispute resolution proceedings, including alternative dispute resolution, mediation or administrative or court proceedings
- Comply with and enforce applicable legal requirements, industry standards and Immuta policies and terms
We may also use personal data in other ways for which we provide specific notice at the time of collection.
To whom we may disclose personal data
We may disclose personal data to our service providers or authorize them to process the data to pursue one or more of these purposes. Our service providers include:
- Immuta’s Affiliates
- Contact and lead management tool providers,
- Communication tool providers,
- Website hosting providers,
- Data analytics and lead generation providers when they offer restricted data processing,
- Content analysis tool providers,
- Search and other related providers which may utilize AI technology, e.g., to power our documentation site,
- Communication profiling tool providers,
- Legal service providers,
- Auditors,
- Advisors and
- Other service providers we engage within the context of mergers and acquisitions
We may disclose personal data to other third parties such as:
- Marketing and business partners,
- Data analytics and lead generation providers, including social networks
- Online advertising services and
- Other third parties we engage within the context of mergers and acquisitions, governmental authorities, or debt collection agencies.
How we secure personal data
We maintain physical, technical, and administrative safeguards designed to protect personal data against accidental, unlawful or unauthorized access, destruction, loss, alteration, disclosure or use. Our security procedures mean that we may request proof of identity before we disclose personal data to you.
Location of personal data
Personal data is hosted in the United States. Whenever we transfer personal data subject to international transfer restrictions, we ensure that the information is transferred in accordance with this Privacy Notice and as permitted by applicable data protection laws.
Retention of personal data
We keep personal data for as long as it is required in order to fulfill the relevant purposes described in this Privacy Notice and as may be required by law (including for tax and accounting purposes), or as otherwise communicated to you. The period for which we retain personal data is based on factors such as the type of information collected (i.e., its sensitivity), the intended purposes or use, legal requirements, the potential risk of harm from unauthorized use or disclosure of the information, the resolution of any pending or threatened disputes, and enforcement of our agreements.
Your rights
Subject to applicable law, you may have the right to:
- ask whether we hold personal data about you and request copies of such personal data and information about how it is processed.
- request that inaccurate, incomplete or outdated personal data is corrected or completed.
- request the deletion of personal data in certain circumstances.
- request to restrict the processing of your personal data in certain circumstances.
- object to the processing of personal data on grounds relating to your particular situation.
- request that we provide a copy of your personal data to you in a structured, commonly used and machine readable format in certain circumstances.
When you consent to our processing your personal data for a specified purpose, you may withdraw your consent at any time, and we will stop any further processing of your data for that purpose.
If you wish to exercise any of these rights, please contact us at [email protected].
You can also lodge a complaint with the data protection authority in your country. You can contact our Data Protection Officer (DPO) at [email protected]. Individuals and the data protection supervisory authorities in the EU may also contact our EU representative according to Art. 27 GDPR:
bpc GmbH, Attn: Immuta, Inc., Einigkeitstrasse 9, 45133 Essen, Germany; email: [email protected]
www.b-p-c.eu
Unsubscribing. You can tell us at any time not to send you marketing communications by e-mail by clicking on the unsubscribe link within the marketing emails you receive from us, or by sending an “opt out” request to the address indicated on such email. You may request not to be contacted in connection with any new services, updates, news, or events by contacting us as described below. You may also unsubscribe via our preference center at this link: https://go.immuta.com/manage-email-preferences
Verifying Requests.
To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with your deletion or correction request. We may require you to verify your email address or phone number in our records and/or provide any of the following information:
- Contact information (such as name, email, phone number, and address); and
- An indication of your prior contact with Immuta (such as prior contact with customer service, or other contact).
In addition, if you ask us to provide you with specific pieces of personal information, we may require you to sign a declaration under penalty of perjury that you are the individual whose personal information is the subject of the request.
Children’s Privacy
Our website is targeting businesses and is not directed to children. In connection with the website, we do not knowingly solicit or collect personal data from children under the age of 16. If we learn that we have collected personal data from a child under age 16 without parental consent, we will either seek parental consent or promptly delete that information. If you believe that a child under age 16 may have provided us with personal data without parental consent, please contact us as specified in the How To Contact Us section of this Privacy Notice.
Updates to our Privacy Notice
We may update this Privacy Notice from time to time and without prior notice to you to reflect changes in our personal data practices. We will indicate at the top of the policy when it was most recently updated.
How to Contact Us
You can update your preferences, submit a request or ask us questions about this Privacy Notice or our practices by emailing us at [email protected] or writing to us at:
Immuta, Inc.
Attn: Mike Scott
886 N. High Street, 3rd Floor
Columbus, OH
43215, USA
United States of America
Additional information for certain jurisdictions
Please see below for additional information applicable to individuals who are located or reside in certain jurisdictions such as the EEA, United Kingdom, and California.
California, US
This California Consumer Privacy Statement supplements the Immuta Marketing and Website Privacy Notice and applies solely to personal information collected about California consumers.
This California Consumer Privacy Statement uses certain terms that have the meaning given to them in the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, and its implementing regulations (collectively, the “CCPA”).
Notice of Collection and Use of Personal Information
We may collect (and may have collected during the 12-month period prior to the Last Updated date of this California Consumer Privacy Statement) the following categories of personal information about you:
- Identifiers such as real name, electronic identifier, email address, and job title
- Online activity such as Internet and other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with websites, applications or advertisements
- Inferences: inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, which may include predispositions, behavior, abilities and aptitudes.
We may use (and may have used during the 12-month period prior to the Last Updated date of this California Consumer Privacy Statement) your personal information for the purposes described above in the section titled “How we use personal data.”
We do not collect or process sensitive personal information and do not require such information for our Services for purposes of inferring characteristics about consumers. Do not provide us sensitive personal information.
To the extent we process deidentified information, we will maintain and use the information in deidentified form and will not attempt to reidentify the information unless permitted by applicable law.
Sources of Personal Information
During the 12-month period prior to the Last Updated date of this California Consumer Privacy Statement, we may have obtained personal information about you from the following categories of sources:
- Directly from you, such as when you contact us
- Your devices, such as when you visit our website
- Our affiliates
- Service providers, contractors and other vendors who provide services on our behalf, as set forth above
- Our joint marketing and business partners
- Online advertising services
- Social networks
- Data brokers and public databases
Sale or Sharing of Personal Information
We do not sell your personal information as defined by the CCPA. We may share your personal information (as defined by the CCPA) by allowing certain third parties (such as online advertising services) to collect personal information via automated technologies on our websites and apps for cross-context behavioral advertising purposes. You have the right to opt out of these types of disclosures of your information.
We may share for cross-context behavioral advertising purposes (and may have shared during the 12-month period prior to the Last Updated date of this Privacy Notice) the following categories of personal information about you to online advertising services:
- Identifiers
- Online Activity
- Inferences
You have the right to opt-out of this disclosure of your information, as detailed below. We do not have actual knowledge that we sell or share the personal information of minors under 16 years of age.
Disclosure of Personal Information
During the 12-month period prior to the Last Updated date of this Privacy Notice, we may have disclosed the following categories of personal information about you for a business purpose to the following categories of third parties:
| Category of Personal Information | Categories of Third Parties |
|---|---|
| Identifiers | – Our affiliates – Vendors who provide services on our behalf, as set forth above – Our joint marketing and business partners – Online advertising services – Social networks – Data brokers |
| Online Activity | – Our affiliates – Vendors who provide services on our behalf, as set forth above – Our joint marketing and business partners – Online advertising services – Social networks – Data brokers |
| Inferences | – Our affiliates – Vendors who provide services on our behalf, as set forth above – Our joint marketing and business partners – Online advertising services – Social networks – Data brokers |
In addition to the categories of third parties identified above, during the 12-month period prior to the Last Updated date of this Privacy Notice, we may have disclosed personal information about you to government entities and third parties in connection with corporate transactions, such as mergers, acquisitions or divestitures.
Your California Privacy Rights
As a resident of California, you have certain rights under the CCPA, namely:
- Right to Access/ Know – You have the right to request any or all the following information relating to your personal information that we have collected and disclosed in the last 12 months, upon verification of your identity:
- The specific pieces of personal information we have collected about you.
- The categories of personal information we have collected about you.
- The categories of sources of the personal information.
- The categories of personal information that we have disclosed to third parties for a business purpose, and the categories of recipients to whom this information was disclosed.
- The categories of personal information we have sold or shared about you (if any), and the categories of third parties to whom the information was sold or shared; and,
- The business or commercial purposes for collecting the personal information.
- We do not “sell” personal information as that term is defined in the CCPA.
- Right to request correction – You have the right to request that we correct the personal information we maintain about you, if that information is inaccurate.
- Right to request deletion – You have the right to request the deletion of personal information that we have collected from you, subject to certain exceptions.
- The Right to Opt Out of Sharing – You have the right to opt out of the sharing of your personal information for cross-context behavioral advertising purposes.
However, please note that if the exercise of these rights limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you our products and services or engage with you in the same manner.
- The Right to Non-Discrimination and Non-Retaliation – You have the right not to receive discriminatory or retaliatory treatment for exercising these rights.
- The Right to Limit use of Sensitive Personal Information – You have the right to limit our use of your sensitive personal information (as defined in the CCPA). As discussed above, we do not require and do not wish to receive your sensitive personal information. Do not provide us with any sensitive personal information. If you think we have processed your sensitive personal information, please contact us.
- “Shine the Light” – California residents that have an established business relationship with us have rights to know how their information is disclosed to third parties for their direct marketing purposes under California’s “Shine the Light” law (Civ. Code §1798.83).
Exercising Your Rights
If you wish to exercise your California privacy rights, please click here to fill in the form.
You could also contact us at [email protected]. Please specify in your email which right(s) you are seeking to exercise.
You can opt-out of cookie-based sharing by clicking the link below or broadcasting the Global Privacy Control signal.
You can submit a request to opt out of email-based sharing here.
To submit a request as an authorized agent on behalf of a consumer, please submit a signed authorization form from the consumer.
Verifying Requests. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with your deletion or correction request. If you have an account with us, we may verify your identity by requiring you to sign in to your account. If you do not have an account with us and you request access to, correction of or deletion of your personal information, we may require you to verify your email address or phone number in our records and/or provide any of the following information:
- Contact information (such as name, email, phone number, and address); and
- An indication of your prior contact with Immuta (such as prior contact with customer service, or other contact).
In addition, if you ask us to provide you with specific pieces of personal information, we may require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.
To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.
European Economic Area (EEA) and the United Kingdom (UK)
Identity of the controller
Immuta, Inc., with offices at 25 Thomson Place, 4th Floor, Boston, MA 02210, USA, is responsible for the processing of your personal data as described in this Privacy Notice.
Legal bases
We process your personal data on one or more of the following legal bases:
| Purpose Description | Legal Bases |
| Communicate with you and respond to your questions about our products and services, e.g., through the chat box, emails, phone calls | – As necessary to enter into a contract or to perform our contractual obligations. – Or we rely upon our legitimate interest which is being able to communicate with our customers and engage in normal business communications. (Note that phone calls are not recorded, unless explicitly mentioned during the call) (Legitimate interests) |
| Promote new products and services that may be of interest to your organization and invite you to showcase events and demos | – Being able to communicate new offers to our existing customers (Legitimate interests). – Where required under applicable law, we will collect your consent to send you marketing communications. |
| Assess and improve the quality of the content we produce and make available on our website and more generally managing our website | Being able to improve and manage our website. (Legitimate interests) |
| Analyze our products, services and customer base, assess and improve the quality of our products and services | Being able to improve our products and services. (Legitimate interests) |
| Prevent and detect fraud and abuse | To keep our customers, suppliers and products and services safe and secure. (Legitimate interests) |
| Maintain the security of our services | To keep our customers, suppliers and products and services safe and secure. (Legitimate interests) |
| Performing accounting, and other internal functions such as internal reporting, generating statistics to identify trends and opportunities | To perform business operations and understand our business context and environment as well as the markets in which we operate. (Legitimate interests) |
| Prepare for and engage in internal and external audits and similar assurance-providing processes and procedures | To be able to verify the compliance of our internal processes and procedures and obtain an adequate level of assurance. (Legitimate interests) |
| Prepare for, engage in, complete, or follow up on mergers, acquisitions, or similar corporate transactions | To be able to engage in corporate transactions. (Legitimate interests) |
| Prepare for, and engage in, dispute resolution proceedings, including alternative dispute resolution, mediation or administrative or court proceedings | To be able to defend ourselves and our interests. (Legitimate interests) |
| Comply with and enforce applicable legal requirements, industry standards and Immuta policies and terms | As necessary to comply with relevant law and legal obligations, including to respond to lawful requests and orders. (Legal obligation) To implement industry standards. (Legitimate interests) |
In accordance with applicable law, we take reasonable measures to ensure that the interests we pursue are balanced with your interests, rights and freedoms, which we are happy to explain upon request.
Your Rights
Subject to applicable law, you have the right to:
- ask whether we hold personal data about you and request copies of such personal data and information about how it is processed.
- request that inaccurate, incomplete or outdated personal data is corrected or completed.
- request the deletion of personal data in certain circumstances.
- request to restrict the processing of your personal data in certain circumstances.
- object to the processing of personal data on grounds relating to your particular situation.
- request that we provide a copy of your personal data to you in a structured, commonly used and machine readable format in certain circumstances.
When you consent to our processing your personal data for a specified purpose, you may withdraw your consent at any time, and we will stop any further processing of your data for that purpose.
If you wish to exercise any of these rights, please click here to fill in a form or send an email at [email protected].
You can also lodge a complaint with the data protection authority in your country.
You can contact our Data Protection Officer (DPO) at [email protected]. Individuals and the data protection supervisory authorities in the EU may also contact our EU representative according to Art. 27 GDPR:
bpc GmbH, Attn: Immuta, Inc., Einigkeitstrasse 9, 45133 Essen, Germany; email: [email protected]
www.b-p-c.eu
When you consent to our processing your personal data for a specified purpose, you may withdraw your consent at any time, and we will stop any further processing of your data for that purpose.
International transfers
We transfer personal data from the EEA and the UK to the United States by entering into the European Commission’s Standard Contractual Clauses and the UK Transfer Addendum (if appropriate) or on the basis of a derogation when the transfer is necessary for the conclusion or performance of a contract, for the implementation of pre-contractual measures taken at your request, or upon your explicit consent. To obtain a copy of the safeguards we have put in place, please contact us as indicated below.
Alternatively, we ensure that the data recipient is located in a country that has been the subject of an adequacy decision.
Exercising Your Rights
If you wish to exercise your California privacy rights, please click here to fill in the form.
You could also contact us at [email protected]. Please specify in your email which right(s) you are seeking to exercise.
You can opt-out of cookie-based sharing by clicking the link below or broadcasting the Global Privacy Control signal.
You can submit a request to opt out of email-based sharing here.
To submit a request as an authorized agent on behalf of a consumer, please submit a signed authorization form from the consumer.
Verifying Requests. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with your deletion or correction request. If you have an account with us, we may verify your identity by requiring you to sign in to your account. If you do not have an account with us and you request access to, correction of or deletion of your personal information, we may require you to verify your email address or phone number in our records and/or provide any of the following information:
- Contact information (such as name, email, phone number, and address); and
- An indication of your prior contact with Immuta (such as prior contact with customer service, or other contact).
In addition, if you ask us to provide you with specific pieces of personal information, we may require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.
To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.