This policy is supplemental to, and forms an integral part of, the Terms of Service Agreement (“Agreement”), found here, and is effective upon its incorporation into the Agreement, which incorporation may be specified in the Agreement, an Order, or an executed amendment to the Agreement. The terms of this policy shall follow the terms of the Agreement.
This policy also explains your choices surrounding how we use information about you, which include how you can object to certain uses of information about you and how you can access and update certain information about you. If you do not agree with this policy, do not access or use our Services or interact with any other aspect of our business.
Where we provide the Services under contract with an organization (for example, your employer) that organization controls the information processed by the Services.
1. YOUR RESPONSIBILITIES
Within the scope of the Agreement and in its use of the services, Customer shall be responsible for complying with all requirements that apply to it under applicable data protective, privacy, and security laws with respect to its processing and transmittal of information to Rupert. You acknowledge and agree that it shall be solely responsible for:
Accuracy, quality, and legality of any information, include Service Data and Personal Data
Complying with all necessary laws concerning the collection and use of Service Data and Personal Data, including obtaining any necessary consents and authorizations
Ensuring it has the right to transfer, or provide access to, the Service Data and Personal Data to Rupert for purposes of effecting the Services under the Agreement
2. WHAT INFORMATION WE COLLECT ABOUT YOU
We collect information about you when you provide it to us, when you use our Services, and when other sources provide it to us, as further described below.
Information you provide to us
We collect information about you (or your business) when you register for an account, create or modify your profile, set preferences, sign-up for or make purchases through the Services. For example, you provide your contact information and, in some cases, billing information, when you register for the Services. The Services also include our website owned or operated by us. We collect other content that you submit to the website.
Your use of the Services, for which we may collect information about You (or your business) also include our customer support, where you may choose to submit information regarding a problem you are experiencing with a Service. Whether you designate yourself as a technical contact, open a support ticket, speak to one of our representatives directly or otherwise engage with our support team, you will be asked to provide contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.
We collect payment and billing information when you register for certain paid Services. For example, we ask you to designate a billing representative, including name and contact information, upon registration. You might also provide payment information, such as payment card details, which we collect via secure payment processing services.
Information we collect automatically when you use the Services.
We collect information about you, including Service Data, when you use our Services, including browsing our websites and taking certain actions within the Services. We keep track of certain information about you when you visit and interact with any of our Services. The Service Data includes all of your interactions with the Services; the features you use; the query or queries submitted and used in connection with the Services; the links you click on; the type, size, content, and filenames of attachments you upload to the Services; any information you provide as part of the Services provided by Rupert; any requests or questions you submit to Rupert via online forms, email, messaging (including Slack), or otherwise; and license credentials to ensure that usage is in compliance with the customer's licensing terms. This information includes metadata about users, roles, database connections, server settings, features used, API usage, and Platform version.
We, or any third-party we use as necessary to provide the Services, may collect information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services. Server and data center Service administrators can disable collection of this information via the administrator settings or prevent this information from being shared with us by blocking transmission at the local network level.
To collect Service Data and/or any other information contemplated in this section, may use Internet server logs, cookies, tracking pixels, and other similar tracking technologies. We use these technologies in order to offer you a more tailored experience in the future, by understanding and remembering your particular browsing preferences. Cookies are small text files that are placed on your computer or mobile device when you visit a site, that enables us to: (i) recognize your computer; (ii) store your preferences and settings; (iii) understand the web pages of the Services you have visited; (iv) enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests; (v) perform searches and analytics; and (vi) assist with security and administrative functions.
3. HOW WE USE YOUR INFORMATION
We use your information for various purposes depending on the types of information we have collected from and about you, in order to:
Respond to your request for information and provide you with more effective and efficient service
Contact you by email, postal mail, or phone regarding Rupert and its products, services, surveys, research studies
Customize the content you see on the Services
Secure our Services and resolve technical issues being reported
Help us better understand your interests and needs, and improve the Services, including through research and reports, and test, improve, and create new products, features, and services. We automatically analyze and aggregate frequently used search terms and queries, including any users requests through any form of communication, including third-party messaging services, for Services residing in our repository, to improve the accuracy and relevance of suggested topics and/or Services that auto-populate when you use the search feature. In some cases, we apply these learnings across our Services to improve and develop similar features, to better integrate the Services you use, to improve the Services similarity functionalities for purposes of providing solutions to users, or to provide you with insights based on how others use our Services. We also test and analyze certain new features with some users before rolling the feature out to all users.
For our business purposes we have a legitimate interest, when we:
Operate the Service or Website
Apply information security policies and controls on the Service or Website, including overall integrity, identity management and account authentication
For research and development to improve Rupert’s Services
Investigate and prevent fraudulent transactions, unauthorized access to the Website and the Services
Comply with any procedures, laws, and regulations which apply to us where it is necessary for our legitimate interests or the legitimate interests of others
Establish, exercise, or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others
For other purposes for which we obtain your consent
We may aggregate and/or anonymize information collected through the Services so that such information does not identify you as the source of the information. We may use such information to improve the Services, by and through any third-party we use to integrate Services with the users’ database, for research.
4. LEGAL BASES FOR PROCESSING (FOR EEA USERS)
If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:
We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
You give us consent to do so for a specific purpose; or
We need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
5. DATA SUBJECT RIGHTS AND YOUR CHOICES
You have certain rights with respect to your information as further described in this section.
a. Your Legal Rights
If you would like further information in relation to your legal rights under applicable law or would like to exercise any of them, please contact us using the information in the “Contact Information” section below at any time. Your local laws (e.g., in the EU or, for example, in California) may permit you to request that we:
provide access to and/or a copy of certain information we hold about you
prevent the processing of your information for direct-marketing purposes (including any direct marketing processing based on profiling)
update information which is out of date or incorrect
delete certain information which we are holding about you
restrict the way that we process and disclose certain of your information
transfer your information to a third-party provider of services
revoke your consent for the processing of your information
We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. We may request you provide us with information necessary to confirm your identity before responding to your request.
6. THIRD PARTY LINKS
7. DATA SECURITY
Rupert cares deeply about data security. To the effect, Rupert protects Your information with industry standard technical and organizational measures to secure the information we store. We have implemented a range of controls and technical measures to protect the confidentiality, integrity, and availability of our systems. These include:
Force HTTPS on all connections, so data in-transit is encrypted with TLS.
Encrypt all database data at-rest with AES-256.
Host all servers on Google Cloud in the US, in data centers that are SOC 1, SOC 2 and ISO 27001 certified, protected with strong passwords and two-factor authentication
Regularly conduct external penetration tests from third-party vendors.
Regularly conduct security awareness training sessions with all employees.
Maintain detailed audit logs of all internal systems.
Access control protocols to restrict data availability to those parties who need it.
While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.
8. DATA RETENTION
9. SHARING OF INFORMATION
In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may disclose personal information to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. We may also share such information if we believe it is necessary in order to investigate, prevent, or act regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Service Agreement, or as otherwise required by law.
10. CALIFORNIA REQUIREMENTS
If you are a California resident, there are some additional rights that may be available to you under the California Consumer Protection Act (“CCPA”). This policy explains the tools that we have made available to you to exercise your data rights under the CCPA, such as the right to deletion and the right to request access to the categories of information we have collected about you. We encourage you to manage your information, and to make use of the privacy controls we have included in our Services. You will not be discriminated against for exercising any of your privacy rights under the CCPA. In order to protect your information from unauthorized access or deletion, we may require you to provide additional information for verification. If we cannot verify your identity, we will not provide or delete your information.
This policy describes the categories of personal information we may collect, the sources of that information, and our deletion and retention policies. We’ve also included information about how we may process your information, which includes for "business purposes" under the CCPA - such as to protect against illegal activities, and for the development of new products, features, and technologies.
11. CONTACT INFORMATION
If you have questions or complaints regarding this Policy, please contact us by email at firstname.lastname@example.org, or at:
The Corporation Trust Company
c/o Rupert, Inc.
1209 Orange St.,
Wilmington, DE 19801