fbpx Skip to content

Last updated: July 2020

Certent’s commitment to privacy

Certent is strongly committed to protect the privacy of our customers and the data which they store on any of our SaaS offerings. In the spirit of maintaining your confidence and trust, Certent ensures that security is an integral part of our business and that our security and privacy controls cover people, processes and information technology. Our systems and operational processes have been evaluated by subject matter experts to assess ISO 27001, CCPA and GDPR-compliance and to protect against data loss, misuse, unauthorized access or disclosure, alteration or destruction. We review our information security controls regularly to comply with the changing Information security and compliance landscape.

What information do we collect?

If you are an employee of a company that is a customer (client entity) of Certent using one of our Software as a Service (SaaS) offerings or an individual using Certent’s website, we may collect the following personal information from your employer about you: First Name, Middle Initial, Last Name, Tax ID, Address, Office Phone, Home Phone, Cell Phone, Fax, Email address, Stock Option Grants, Date of Birth, Retirement Eligibility Date, Annual Salary. Not all these fields are required to provide our services and hence they may or may not be stored in our database.

How do we collect and use personal information?

The personal information Certent receives comes from use of our web site by individuals and use of our services by employees of a customer company or by administrators on behalf of such employees of a customer company using our SaaS offerings and/or services. Certent uses this personal information solely to directly contact individuals who express interest in receiving our services or to provide such services. Certent does not sell any personal information to any third parties. If this practice should change in the future, we will update this policy and illustrate how individuals can utilize their opt-in or opt-out, as required, choice prior to sharing that data.

How long do we keep personal information?

Personal information collected from our customers is stored as long as the customer gives consent to receive marketing material and/or information from Certent or has a valid service contract with Certent. When the customer contract is terminated, all related personal data to that contract is removed within 3 months of termination date.

Who do we share collected information with?

For personal information submitted on our website, Certent uses this information for internal marketing efforts. Certent never discloses, sells, or otherwise shares your personal information with any third parties other than to support its internal marketing efforts. Certent may share personal information of customers with compliant sub-processors performing services on Certent’s behalf to provide the contractually agreed services to our customers. The sub-processors use the data to produce various reports that will be used by our client entities for internal financial reporting and regulatory filing. Certent ensures that such third parties have agreed in writing that they will provide at least the same or higher level of privacy protection as is required by GDPR, CCPA and other relevant data and security regulations. Certent will notify the individual or company’s administrator employee before their information is disclosed for purposes other than what is mentioned above and will allow individuals to opt out of such disclosures. Certent will ensure that all third parties with access to personal information are subject to law providing the same level of privacy protection as is required by GDPR, CCPA and other related compliance mandates and agree in writing to provide an adequate level of privacy protection. Certent shall notify Customer if Certent adds or removes sub-Processors prior to any such changes, provided Customer opts-in to receive such email notifications by sending a request to [email protected]

Changes to our privacy notice

Certent reserves the right to amend this privacy notice at any time.  When we make changes to this privacy notice, we will post the updated notice on the website and update the notice’s effective date.  Your continued use of our website following the posting of changes constitutes your acceptance of such changes.

GDPR For EU Individuals

What rights do individuals have?

Subject to applicable law, individuals may have few or all of the following rights available to them with respect to their personal data:

  • to obtain a copy of their personal data together with information about how and the basis for processing that personal data;
  • to rectify inaccurate personal data (including the right to have incomplete personal data completed);
  • to erase their personal data (in limited circumstances, such as where it is no longer necessary in relation to the purposes for which it was collected or processed);
  • to restrict processing of their personal data under certain circumstances;
  • to port their data in machine-readable format to a third party (or to them) when Certent justifies its processing on the basis of their consent or the performance of a contract with them;
  • to withdraw their consent to our processing of their personal data (where that processing is based on their consent and doesn’t inhibit Certent from providing a contracted obligation); and
  • to obtain, or see a copy of the appropriate safeguards under which their personal data is transferred to a third country or international organization

In addition to the above rights, individuals have the right to object, at any time to any processing of their personal data for which Certent has justified on the basis of a legitimate interest, including profiling (as opposed to individual consent) or to perform a contract with them. Individuals also have the right to object at any time to any processing of their personal data for direct marketing purposes, including profiling for marketing purposes.

Who should customers contact if they have a GDPR related complaint?

Individuals who are our customer’s employees should contact their internal corporate system administrator for any personal data related complaints. Individuals who place their personal data directly with Certent can send their request to:

Phone: +1 (925) 730-4300
Email: [email protected]`
Website: https://certent.com/contact-us/

All requests for data access will be handled within a reasonable timeframe unless the request conflicts with the rights of others or Certent’s legal obligations to lawful requests by regulatory authorities, including to meet national security or law enforcement requirements. Individuals will be notified within a reasonable timeframe if their requests cannot be fulfilled.

We would appreciate the opportunity to resolve your GDPR complaint directly, but EU and Swiss individuals also have the right to go to the relevant EU Data Privacy Authority (EU DPA) or Swiss Federal Data Protection and Information Commissioner (Swiss FDPIC). Please go to http://ec.europa.eu/justice/article-29/structure/dataprotection-authorities/index_en.htm to locate your DPA or https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection—switzerland.html to locate your representative.

Cookies and related technologies

The Certent website and the SaaS offerings uses cookies and related technologies. Cookies are small data files that are served by our platform and stored on your computer’s hard drive through your web browser. Our site uses cookies dropped by us or third parties for a variety of purposes including to operate and personalize the website. Also, cookies may be used to track how you use the site to target ads to you on other websites. The types of data collected may include IP addresses, cookie identifiers, or website activity. You can opt out of receiving targeted ads served by us or on our behalf by clicking on the blue icon in the corner of the ads we serve.

Certent and its partners use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service. To manage Flash cookies, please click here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

We partner with third parties to display advertising on our website or to manage our advertising on other websites. Our third party partners may use cookies or similar technologies in order to provide you advertising based upon your browsing activities and interests. If you wish to opt out of interest-based advertising, most web browsers allow you to control cookies through their settings.

Data security and compliance

Certent is highly committed to information security and compliance with applicable regulations. We have invested significant time and efforts to design and implement an Information Security Management System that complies with ISO/IEC 27001:2013 standard requirements and we are currently working towards obtaining our certification. We also have processes in place to comply with the European Union (EU) General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) that mandate numerous privacy arrangements and controls designed to protect personal data, many of which are also part of ISO/IEC 27001:2013 standard.

We take the security of data very seriously and have implemented security controls to protect all data we process, transmit or store. Our information security program is based on defense in depth strategies and layered security principles which cover people, processes and technology for all forms of assets (physical and electronic). Information security reviews and audits are a regular part of ISMS process and vulnerability management program is in effect to ensure all findings are addressed according to their risk levels.

EU-U.S. and Swiss-U.S. Privacy Shield

Certent complies with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union including Norway, the United Kingdom, Liechtenstein, Iceland and Switzerland to the United States in reliance of Privacy Shield. Certent has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Certent is responsible for the processing of personal data it receives under the Privacy Shield Frameworks and subsequently transfers such data to a third party acting as an agent on its behalf. Certent complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, EEA, the United Kingdom, and Switzerland, including the onward transfer liability provisions.

Pursuant to the Privacy Shield we acknowledge that EU, the United Kingdom, and Swiss individuals have the right to access their personal data. Individuals wishing to exercise that right may do so by contacting the Certent at [email protected] .

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Certent is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Certent may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-US and Swiss-US Privacy Shield Frameworks, Certent commits to resolve complaints about your privacy and our collection or use of your personal information. European Union, the United Kingdom, and Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Certent at [email protected] .

Recourse for unresolved human resources complaints

Certent commits to cooperate with the panel established by the EU Data Protection Authorities (DPAs) and comply with the advice given by the panel with regard to human resources data transferred from the EU and United Kingdom in the context of the employment relationship. EU and United Kingdom individuals with human resources complaints should contact the appropriate DPA.  If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction to locate your authority. Certent does not presently directly employ individuals in Switzerland.  If this practice should change in the future we will update this policy accordingly.

Recourse for unresolved consumer complaints

Certent has further committed to refer unresolved Privacy Shield complaints to the BBB EU Privacy Shield, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information or to file a complaint. The services of the BBB EU Privacy Shield Program are provided at no cost to you.

If your complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction .

 

CCPA For California Individuals:

Information we collect

As part of providing our SaaS offerings, we collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”).  Personal information does not include:

  • Publicly available information from government records
  • Deidentified or aggregated consumer information
  • Information excluded from the CCPA’s scope, like:
    • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; or
    • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994

In particular, we have collected the following categories of personal information from our consumers within the last twelve (12) months: Identifiers, and personal information categories listed in the California Customer Records statute (Cal.  Civ.  Code § 1798.80(e)). We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from you.  For example, from forms you complete
  • Indirectly from you.  For example, from observing your actions on our website
  • From your employer if your employer is a customer (client entity)

Use of personal information

We may use or disclose the personal information we collect for one or more of the following purposes:

  • To market Certent products or services
  • To fulfill or meet the reason you provided the information
  • To provide, support, personalize, and develop our website, products, and services
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA
  • As further described elsewhere in this privacy policy
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about consumers is among the assets transferred

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing personal information

We may disclose your personal information to a third party for a business purpose or to facilitate our use of the personal information as set forth above.  When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

Your rights and choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information.  This privacy policy describes your CCPA rights and explains how to exercise those rights.

Access to specific information and data portability rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months.  Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of personal information we collected about you
  • The categories of sources for the personal information we collected about you
  • Our business or commercial purpose for collecting or selling that personal information
  • The categories of third parties with whom we share that personal information
  • The specific pieces of personal information we collected about you (also called a data portability request)
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
    • sales, identifying the personal information categories that each category of recipient purchased; and
    • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained

Deletion request rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.  Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities
  3. Debug products to identify and repair errors that impair existing intended functionality
  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law
  5. Comply with the California Electronic Communications Privacy Act (Cal.  Penal Code § 1546 et.  seq.)
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent
  7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us
  8. Comply with a legal obligation
  9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it

Exercising access, data portability, and deletion rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:

Phone: +1 (925) 730-4300
Email: [email protected]
Website: https://certent.com/contact-us/

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information.  You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a twelve (12) month period.  The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you

Making a verifiable consumer request does not require you to create an account with us.  We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request

Non-discrimination

We will not discriminate against you for exercising any of your CCPA rights.  Unless permitted by the CCPA, we will not:

  • Deny you goods or services
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties
  • Provide you a different level or quality of goods or services
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services

Who should customers contact if they have a CCPA related complaint?

If you have any questions or comments about this notice, the ways in which we collect and use your information described in Certent’s Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us by either:

Phone: +1 (925) 730-4300
Email: [email protected]
Website: https://insightsoftware.com/contact-us/