Privacy Policy

Last updated September 16, 2019

Utmost Software, Inc. (“Utmost”, “we”, or “us”) values individual privacy, and we are committed to protecting individuals’ information.

This Privacy Notice (this “Notice”) describes the types of information we collect, how we collect information, what we do with information that we collect, and how you can contact us with any questions about our information practices or to access or request changes or updates to information concerning you.

Please review this Notice carefully to understand our practices and treatment of information. If this Notice is unacceptable to you or if you do not agree with our information practices, you may choose not to visit or use this website or any services offered through this website.

Scope

This Notice applies to information that we collect through our public website, at [Utmoste.com], and any of our other websites that provide a link to this Notice[, as well as information collected through any of our products and services that are accessible via those websites] 1(collectively, the “Site), from you as an individual user (“you”) of the Site.

This Notice does not apply to information collected by other means, or information collected by third parties, third-party websites, or content or applications of third parties, including any that may be linked to or accessible from or on the Site.


1 NTD: Please confirm the scope of this Notice, i.e., what this Notice applies to, in order to ensure that descriptions of privacy practices in the Notice are accurate to the scope defined here.

Information We Collect and How We Collect It

Information You Provide to Us.

If you communicate with us through the Site, for example to request information from us, we may ask you to provide certain information about yourself, such as your name, email address, phone number, employer or organization, professional role, or similar information. In these cases, you will know what information is collected through the Site because you will provide that information to us.

[If there is information that you are required to provide to us or that we are required to collect, based on either law or contract, we will advise you of the requirement at the time we collect that information, and we will also provide information about any consequences of a failure to provide required information.] 2

Information We Collect Automatically.

As part of the standard operation of the Site, we automatically collect information from your computer or device, including IP address, domain name (that you visited from www.company.com, for example), referral or exit data (the last website that you visited before visiting the Site and the next website you visit afterwards, respectively), as well as browser and platform type (a Google browser or an Apple platform, for example). We also collect information about how you use the Site, such as the date and time of your visit, the amount of time you spend on the Site, how often you visit the Site, the areas or pages that you spend the most time on, and other click-stream data. Information collected automatically is generally statistical data and generally does not identify you personally.

Cookies, Beacons, and Tags.

A cookie is a small text file that is stored on your computer or device when you access the Site. We use cookies on the Site in order to collect the information described above, and also to remember your settings and for authentication. You can manage the use of cookies through your browser. You may still use the Site if you reject cookies, but it may limit your ability to use some areas of the Site or otherwise diminish your experience of the Site.

In addition, with the assistance of our third-party partners and service providers, we may use technologies such as web beacons, tags, Flash cookies or HTML5 to collect or use information about visitors to the Site and their actions on the Site. For information about opting out of or managing the collection or use of such information, please see the section below regarding “Your Choices.”

The Site does not respond to “do-not-track” requests or similar browser settings.


2 NTD: Include this statement for GDPR compliance. This is an operational requirement of the GDPR and should be implemented in relevant website functions.

How We Use Information We Collect

We use information that we collect, including your personal information, for the following purposes:

  • To present the Site and its contents to you.
  • To provide any information, products, or services that you may access through the Site.
  • To maintain and improve our content or any of our products or services, for example by analyzing usage to identify pages and topics of interest.
  • To respond to your questions or requests for information, or to fulfill any other purpose for which you provide your information to us through the Site.
  • To provide you with information about any of our services, updates, editorial content, industry education, invitations to upcoming events, and similar information.
  • To better understand how visitors use the Site and the performance of the Site, including measuring and monitoring user traffic and using aggregate statistical analysis, which informs future enhancements and changes to the Site, or by combining information collected through the Site with information about our customers collected by other means.
  • For any other purpose that we describe at the time we collect your information.
  • For any other purpose with your consent.

Disclosure of Your Information

We may disclose aggregate statistical information about visitors to the Site, which does not identify individual users, without restrictions.

Personal information about you, that you provide or that we collect as described in this Notice, may be disclosed to third parties as follows:

  • To our subsidiaries and affiliates.
  • To agents and service providers who are bound by confidentiality obligations and who use the personal information only on our behalf.
  • To deliver any requested information, products, or services, or otherwise to fulfill a contractual obligation to you.
  • With your consent.
  • As otherwise described in this Notice.

We may also disclose your personal information:

  • As required by law, court order or legal process, including to respond to a subpoena, to respond to a government or regulatory request, or to cooperate with law enforcement investigations.
  • To enforce our contractual rights, take precautions against liability, investigate suspected or actual illegal activities, or to investigate and defend ourselves against third-party claims or allegations.
  • To a buyer or other successor in the event of a merger, restructuring, reorganization, or other sale or transfer of some or all of our assets, including, but not limited to, as part of a bankruptcy, liquidation, or similar proceeding, in which personal information held by us about users of the Site is among the assets transferred.
  • When we believe that disclosure is necessary or appropriate to protect the rights, property, or personal safety of ourselves, our customers, or others.

Whenever we disclose personal information to a third party, we seek to minimize the disclosure to only information that is necessary for the purpose of that disclosure.

How Long We Hold Your Information

We will hold information about you that is collected through the Site for [as long as you maintain a user account, as long as needed to provide our services to you, or with your consent, we may continue to maintain information about you for our internal business purposes.] 3

We may also retain personal information about you for a reasonable time for backup, archival, reactivation or audit purposes, or as needed to comply with our legal obligations, resolve disputes or enforce our agreements. If you have any questions about how long we may keep personal information about you, please [contact us via <URL and link to website contact form>,] email us at [email address] or contact us as provided below.


3 NTD: Please revise to accurately describe the duration that the personal data will be stored, or if not possible, the criteria used to determines the duration that personal data will be stored.

International Transfers of Personal Information

For the purposes described in this Notice, we may transfer information across borders, including from your country or jurisdiction to other countries or jurisdictions around the world, where applicable laws may not provide the same level of protection of personal information as the laws of the country or jurisdiction where you are located. In those cases, we take steps to ensure that information will be provided the same level of protection in the recipient country or jurisdiction.

By visiting or using the Site, you hereby consent to the transfer of your personal information to countries where applicable laws may not provide the same level of protection of personal information as the laws of the country or jurisdiction where you are located, including, without limitation, the United States, in accordance with this Notice.

Accessing and Requesting Changes to Your Information

[If you have registered with the Site, you can review and change your personal information on your account profile page.] 4

If you [have not registered with the Site and] wish to access, correct, update, or delete personal information about you, please [contact us via <URL and link to website contact form>,] email us at [email address] or contact us as provided below 5. In responding to your request, we may request information from you and use information previously collected to verify your identity, or take other actions that we believe are appropriate.

Please understand that we may not be able to alter or delete your personal information if we are required under applicable law to maintain that information. We are also not obligated to comply with requests that are unreasonably burdensome or expensive, or with requests that would interfere with the rights of another individual. In some circumstances, we may charge a reasonable fee to fulfill your request.


4 NTD: If there is a means for users to review and change their personal information in a user account, that may be described here. (Please note that this is provided as sample text only.).

5 NTD: Please note that processes must be in place for employees to receive and respond to communications received by these means.

Your Choices

You have certain choices about how your personal information is collected, used and shared. Although you may not be able opt out of all collection or use of personal information and still use the Site or our services, you can take steps to limit or control how your personal information is collected, used and shared.

Emails.

To opt out of receiving promotional or marketing emails from us, you may click on the “unsubscribe” link at the bottom of our emails.

Cookies.

You can control or delete cookies, or otherwise manage cookies, through your browser or device settings. For more details, please visit https://www.allaboutcookies.org or https://www.aboutcookies.org. Please understand, however, that you may be unable to use all of the functionality of the Site or our services if you choose to reject cookies.

To learn more about cookies, please see our Cookies Statement at [URL and link to Cookies Statement].

[Advertising Partners.

We may partner with third parties to manage our advertising on other sites, and they may collect information and provide advertising to you based upon your browsing activities and interests. We do not control these third parties’ tracking technologies, how they may be used or the information they may collect, and we are not responsible for their privacy policies or the content that may be provided by those third parties. You can learn more about online and interest-based advertising, and about choices available to you, at https://www.aboutads.info/consumers.

If you prefer not to have your information used for the purpose of serving you personalized advertising, you may also learn more about your choices or change your preferences at https://optout.aboutads.info, https://optout.networkadvertising.org, https://preferences-mgr.truste.com, from Google at https://www.google.com/settings/ads or https://policies.google.com/technologies/partner-sites, from Facebook at https://www.facebook.com/about/ads or https://www.facebook.com/policy.php, or if you are located in the European Union at https://www.youronlinechoices.eu/.] 6


{6} NTD: To be included if applicable.

Security

We take reasonable steps and follow generally accepted industry data practices to protect personal information submitted to us from accidental loss and from unauthorized access, use, alteration, and disclosure. Unfortunately, there is no completely secure or error-free method of data transmission over the Internet, and we cannot guarantee the absolute security of your personal information.

Children’s Privacy

The Site is not intended for children under the age of 13 [or as defined by applicable local law], and we do not knowingly collect or solicit personal information from children. If we learn that we have collected or received personal information from a child, we will delete that information.

If you believe that we may have any personal information about a child, please inform us by contacting us as provided in this Notice.

Changes to Our Privacy Notice

We may update this Notice to reflect changes to our information practices. If we make any material changes to how we treat the personal information of visitors to the Site, we will provide notice by updating the date the Notice was last revised 7. We encourage you to periodically review this page to learn of any changes we have made to this Notice.


7 NTD: In addition, it is recommended that following any modification of this Policy, users are informed of the updated Policy via a popup notice upon their next visit to the Site, and/or by email in the case of registered users who have provided their email address.In either case, the notice should include a link to the updated Policy.

Contact Us

Please feel free to contact us with any questions, comments, complaints, or suggestions regarding this Notice or our information practices. You can email us at hello@utmost.co, contact us via Contact Form or by postal mail at:

USA
457 Bryant St.
San Francisco, CA
94107 USA

Europe
Jefferson House
Eglinton Road
Dublin D04 H9T7
Ireland

In addition, if you are a resident of the European Economic Area, you may also contact our Data Protection Officer 8, [name of DPO], via [webpage contact form], by email at [email] or by postal mail [or telephone ]at:

[Contact details of the DPO]

We hope that our Data Protection Officer can address any concerns or complaints, but if you are a resident of a country in the European Economic Area, you may also lodge complaints with a supervisory authority, particularly the supervisory authority in your place of residence, place of work or in the place where any alleged improper acts occurred.


8 NTD: It is assumed that contact details for the organization have been provided above. In addition, although the GDPR requires that the contact details provided for the DPO must be effective to reach the DPO, it does not appear strictly necessary to provide direct email or direct phone information.

For Residents of the European Economic Area

The following information is provided for residents of the European Economic Area, in case we may hold personal information about them.

Why We Are Able to Collect and Use Your Personal Information 9

We rely on our legitimate interests and the legitimate interests of our clients 10 as the legal basis for processing data concerning users of the Site who are residents of the European Economic Area (or “EEA”). Specifically, it is necessary for us to process personal data in order to pursue our legitimate interests in ensuring the proper operation and furthering our understanding of the Site and services accessed through the Site. Also, for people who use the Site or access services on behalf of one of our clients, we collect and process information as a necessary part of the services that we provide to our clients.

In some cases, where we ask for your consent to use information about you, your consent acts as the legal basis for our use of that data. In those cases, you have the right to withdraw your consent at any time. If you would like to withdraw your consent, please contact us or our Data Protection Officer as provided in this Notice under “Contact Us.” 11


9 NTD: Under the GDPR, the legal basis for processing personal data must be provided.See Articles 6-10 of the GDPR for information regarding recognized legal bases for processing data in the ordinary case and means of obtaining valid consent to processing, as well as recognized legal bases for processing personal data concerning children, special categories of data (i.e., sensitive data) and personal data relating to criminality. The sample text provided here contemplates legitimate interests and consent as legal bases for processing. This text must be conformed to the legal basis or bases relied on in the present case.

10 NTD: Please note that relying on Relying on legitimate interests or the legitimate interests of third parties as the legal basis for processing personal data implicates a balancing test, under which the controller must consider whether its legitimate interests in processing personal information are not overridden by the “interests or fundamental rights and freedoms of the data subject.” (See GDPR at Article 6(1)(f).) If a controller relies on legitimate interests as a legal basis for processing, it must record its consideration of this balancing test as part of its records for GDPR compliance.

11 NTD: This paragraph should be removed if there is no functionality on the website to obtain users’ consent to collection or processing of personal data.

Transfer of Your Personal Information Outside of the European Economic Area 12

For the purposes described in this Notice, we may transfer personal information out of the EEA to the United States [or <list other countries to which personal information may be transferred>], which may not have laws that provide the same level of protection of personal information as the laws of the EEA, or where the European Commission has not issued any formal decision that these countries provide an adequate level of protection of personal information.

In order to ensure that adequate protections are provided for personal information, we will perform these transfers of personal information outside of the EEA under standard contractual clauses approved by the European Commission, as permitted pursuant to Article 46(2)(d) and (5) of the General Data Protection Regulation (Regulation 2016/679). 13

If you would like more information about our transfer of data outside of the EEA or copies of relevant documents, please contact us or our Data Protection Officer as provided in this Notice under “Contact Us.”


12 NTD: Include this subsection if there are such transfers of personal data from the EEA to third countries or international organizations, otherwise remove.

13 NTD: Use of standard contractual clauses described here is not the only mechanism to permit transfer of personal information to third countries or international organizations. Such transfers may also be conducted on the basis of consent of the data subject (provided certain disclosures are made), participation in Privacy Shield for transfers to the U.S., binding corporate rules or other means. See Articles 44-49 of the GDPR for additional information.

Rights of Residents of the European Economic Area

If you are a resident of a country within the EEA, you have certain individual rights under the General Data Protection Regulation (Regulation 2016/679) or related local legislation. You have the right to obtain confirmation from us as to whether or not we process personal information about you. And if we do process your personal information, your other rights include:

  • The right to access your personal information and receive certain information about our privacy practices.
  • The right to have us correct incorrect information that we hold concerning you, or to complete incomplete information.
  • The right to request that we erase information concerning you and to have that information erased under certain conditions.
  • The right to restrict our processing of information concerning you under certain conditions.
  • The right to object to our processing of information concerning you under certain conditions.
  • The right to object to our use of information concerning you for direct marketing, or for profiling relating to direct marketing.
  • The right to receive personal information that you provided to us in a structured and commonly-used, electronic format and the right to transmit that information to another entity, in certain situations.
  • The right to object to decisions based on automated processing of information concerning you, if those decisions have legal effects or similarly significant effects.

If you would like to exercise any of these rights, please contact us or our Data Protection Officer as provided in this Notice under “Contact Us.”

Please understand that, before responding to your request, we may ask you for additional information in order to verify your identity.

[If we hold information concerning you on behalf of one of our clients, please understand that we may not be aware that we have your information because we avoid receiving personally identifying details from many of our clients. Or, if we are aware that we hold or process information about you on behalf of a client, we may not be able to accommodate your request to exercise these rights, and we may direct you or your request to our client who controls that data.] 14

We may not be obligated to fulfill your request to exercise your rights if we are restricted by applicable local laws, or if fulfilling your request would negatively impact the rights and freedoms of other individuals.

We may decline to fulfill requests or charge a reasonable fee based on our administrative costs if requests are clearly excessive or unfounded, including in cases where requests are repetitive.


14 NTD: To be included if applicable.