Estuate’s Privacy Policies
EFFECTIVE DATE: December 15, 2020
Please read this Policy carefully. By checking a box to indicate acknowledgment of this Policy when you submit information to us, and by choosing to use our Services, you acknowledge and agree that your personal information may be used pursuant to this Policy. If you do not feel comfortable with any part of this Policy, you must not use or access our Services.
We reserve the right to change this Policy at any time. Please check this page periodically for changes. If we make any material changes to this Policy, we will provide you with notice by displaying a notice on our Services or by emailing the email address we have on file for you. If you do not agree with the changes, you should contact us and discontinue your use of the Services. Your continued use of the Services following the posting of changes to this Policy will mean you agree to be bound by those changes.
1. Information We Collect
Through our Services we collect personal information. Personal information is information that, alone or in combination with other information, may be used to identify you. Below, we describe the personal information we may collect about you.
a) Information You Provide To Us.
We may collect information that you provide to us through the Services, which you provide voluntarily. We collect your name, company, work email address, phone number, country, and other information you provide to us when you contact us for a demo, access webinars or other content provided through our Services, submit questions or comments, contact customer support, or request additional information about Estuate or our Services.
b) Automatically Collected Information
c) Job Application Data.
When you choose to apply for a job with us, we collect and store your job application information, such as your name, email address, phone number, start date, years of experience, and other information you provide to us about your professional or educational background (e.g., a curriculum vitae, portfolio). We may also collect your job application information via third party services, such as LinkedIn, unless prohibited by applicable law.
2. Why We Collect Personal Information
We use personal information for the following purposes:
a) To provide our Services;
b) To send you service-related communications (i.e., communications related to your use of the Services, your transactions, or changes in our policies);
c) To provide customer support and respond to your inquiries;
d) To promote our Services, i.e., through advertising;
e) To improve our Services and conduct research and development;
f) For internal record-keeping and legal and regulatory compliance purposes;
g) To conduct hiring;
h) To protect you, us and others; or
i) To ensure the security of our Services.
3. Information We Share
We may share your personal information in the following situations:
a) Within the Corporate Structure.
We may share information within our corporate structure for use as described in this Policy. Please see our Contact page for more information on our corporate structure.
b) Service Providers.
We may provide access to your information to select third party service providers who perform services on our behalf to facilitate our internal operations and our provision of the Services. These third parties provide a variety of services, including: billing and payment processing, data analysis and storage, security, customer support, accounting, human resources, and legal services.
c) Business Transfer.
In the event of a merger, reorganization, consolidation, restructuring, bankruptcy, sale of substantially all interests or assets, or other similar transaction, we may transfer your personal information to the subsequent owner or operator of the Services.
d) Legal Requirements.
We will use and disclose information where we, in good faith, believe that the law or legal process (such as a court order, search warrant or subpoena) requires us to do so or in other exigent circumstances where we believe it is necessary to protect the rights or property of us, our users, or other parties.
We may disclose your information to third parties based on your authorization to do so.
4. Links to Third-Party Sites and Social Media Platforms
You may find links to third-party sites and social media platforms on our Services that we do not own or control (“Third Party Links”). We are not responsible for the content on Third Party Links, nor do we endorse or review the privacy practices of such websites. Please read the privacy policies of such Third Party Links to understand how your personal information will be handled before using their websites or services.
5. Transfers of Your Information
Estuate has offices in the United States, Canada, India, and the United Kingdom. When you access or use our Services, your personal information may be processed in the countries in which we or our service providers operate. Such countries or jurisdictions may have data protection laws that are less protective than the laws of the jurisdiction in which you reside. If you do not want your information transferred to, processed, or maintained outside of the country or jurisdiction where you are located, you should immediately stop accessing or using the Services.
If you are in the European Economic Area, United Kingdom, or Switzerland, please refer to the section below entitled Special Notice to Individuals in the European Economic Area, United Kingdom, and Switzerland.
We generally retain your personal information for as long as necessary to fulfill the purposes of collection or for legal purposes, such as to comply with the law, prevent fraud, resolve disputes, or to enforce our agreements. Otherwise we will try to delete your personal information upon your request or when we no longer need it for the purposes it was originally collected. We will not delete any personal information that also relates to other individuals, unless such other individuals also wish to delete their personal information at the same time.
We recognize that retention requirements can vary between jurisdictions, but we generally apply the retention periods described below.
- Information You Provide to Us. We retain information you provide to use as long as necessary to provide you with the Services at your request, whether pursuant to contract or to take steps at your request prior to entering a contract.
- Automatically Collected Information. We generally do not retain automatically collected information for more than one year.
- Job Application Data. Unless you indicate otherwise, we may retain your job application data for consideration for future roles.
Notwithstanding the foregoing, we may store such information for longer periods as necessary for the establishment or defense of legal claims, audit, or fraud and/or crime prevention purposes.
Estuate takes the security of your personal information very seriously. Estuate maintains technical, physical, and administrative safeguards to help protect the security of information we maintain about you. We are ISO 27001:2013 certified. Please be aware that, due to the nature of the internet, no system can ever be 100% secure. We rely on you to do your part by, among other things, using a secure connection to access our Services. You assume the risk of all liability associated with your use of the Website or Services. Please notify us immediately if you become aware of any unauthorized access to or use of your personal information.
You must be at least 18 years of age (or the age of majority in your jurisdiction) to use the Services. If you are under 18 (or the age of majority in your jurisdiction), you may not use our Services.
We do not knowingly collect personal information of individuals under 18 years of age. If you are a parent or guardian, and believe that your child under the age of 18 has provided personal information to us through the Services, please contact us at the contact information listed below. If we discover that an individual under 18 has provided us with personal information, we will take steps to delete it to the extent required by applicable law.
9. Do Not Track
Some Internet browsers – like Internet Explorer, Firefox, and Safari – include the ability to transmit “Do Not Track” (“DNT”) signals. Since uniform standards for DNT signals have not been adopted, we currently do not process or respond to DNT signals on our Services.
10. Special Notice to Individuals in the European Economic Area, United Kingdom, and Switzerland
This section only applies to individuals located in the European Economic Area (“EEA”), United Kingdom (“UK”), or Switzerland (collectively, the “Designated Countries”) at the time their personal information was collected.
We may ask you to identify which country you are in when you use or access some of the Services, or we may rely on your IP address to identify which country you are located in. When we rely on your IP address, we cannot apply the terms of this section to any individual that masks or otherwise hides their location information from us so as not to appear located in the Designated Countries. If any terms in this section conflict with other terms contained in this Policy, the terms in this section shall apply to individuals in the Designated Countries.
a) Our Relationship to You. Estuate is a data controller with respect to any personal information collected under this Policy. A “data controller” is an entity that determines the purposes and the manner in which any personal information is processed. Any third parties that act as our service providers or are otherwise acting on our behalf that handle your personal information in accordance with our instructions are “data processors.”
b) Legal Bases for Processing Your Personal Information. Below is a list of the purposes described in this policy with the corresponding legal bases for processing.
c) Individual Rights. We provide you with the rights described below when you use our Services. We may limit your individual rights requests: (a) where denial of access is required or authorized by law; (b) when granting access would have a negative impact on other’s privacy; (c) to protect our rights and properties; and (d) where the request is frivolous or burdensome. If you would like to exercise your rights under applicable law, please contact us at the contact information provided below. Please note, we may seek to verify your identity when we receive an individual rights request from you to ensure the security of your personal information. When we fulfill your individual rights requests for rectification, erasure or restriction of processing, we will notify third parties also handling the relevant personal information unless this proves impossible or involves disproportionate effort.
Right to Withdraw Your Consent. You have the right to withdraw your consent at any time.
Right of Access & Portability. You may request a copy of your personal information in our files without undue delay and free of charge, unless we are permitted by law to charge a fee. In certain situations, you may request to receive your personal information in a structured, commonly used and machine-readable format, and to have us transfer your personal information directly to another “controller,” where technically feasible.
Right to Rectification. You may request to correct or update any of your personal information in our files.
Right to Erasure. In certain situations, you have a right to have your personal information in our files deleted.
Right to Restriction or to Object. Under certain conditions, you have the right to restrict our processing of your personal information. You may object to our processing at any time and as permitted by applicable law if we process your personal information on the legal bases of: consent; contract; or legitimate interests.
Automated Individual Decision-Making, Including Profiling. You have the right not to be subject to a decision based solely on automated processing of your personal information, including profiling, which produces legal or similarly significant effects on you, unless an exception applies under applicable law.
Right to Lodge Complaints. If you believe that we have infringed or violated your privacy rights under applicable law or this Policy, please contact us at firstname.lastname@example.org so that we can work with you to resolve your concerns. You also have the right to file a complaint with JAMS at https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim or you may contact your local data protection authority.
11. Privacy Shield
Estuate is responsible for the processing of personal information it receives, under the Privacy Shield Frameworks, or subsequent transfers to a third party acting as an agent on its behalf. Estuate complies with the Privacy Shield Principles for all onward transfers of personal information from the EEA, UK, and Switzerland to the United States, including the onward transfer liability provisions.
If you have an unresolved complaint or dispute arising under the requirements of Privacy Shield, we agree to refer your complaint under the Framework to an independent dispute resolution mechanism. Our independent dispute resolution mechanism is the JAMS. For more information and to file a complaint, you may contact JAMS by visiting the website at https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-ntroduction.With respect to personal information received or transferred pursuant to the Privacy Shield Frameworks, Estuate is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Estuate may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
12. Contact Us