Privacy policy
ComplianceMetrix (CMX1) privacy policy
Last Updated: October 19, 2023
Your privacy is very important to us. This privacy policy (this “Privacy Policy”) discloses how Compliancemetrix, Inc. and its subsidiaries and affiliates (“ComplianceMetrix”, “CMX1”, “we”, “our”, and “us”) may collect, use and share personal information we gather about you in connection with our websites at www.cmx1.com and www.compliancemetrix.com (each, the “Site”), the ComplianceMetrix online application suite, and any other websites or platforms we own and operate that link to this Privacy Policy (together with the Site, the “CMX1 Platform”), together with our products, services, social media pages, events, emails, and other electronic communications (collectively, including the CMX1 Platform, the “Service”), and the choices you have with respect to your personal information. ComplianceMetrix respects the privacy of our customers and other visitors to our websites and we recognize the need for appropriate protections and management of personal information that you provide to us. This Privacy Policy will assist you to understand what types of personal information we may collect, how that information may be used, and with whom the information may be shared.
This Privacy Policy does not apply to personal information that we may store or maintain on behalf of any of our customers who use our Service, where applicable. For more information about the privacy practices of one of our customers, please refer to their privacy policy or notice.
This Privacy Policy covers the following topics:
COLLECTION OF PERSONAL INFORMATION
OUR USE OF YOUR PERSONAL INFORMATION
SHARING OF PERSONAL INFORMATION
STORAGE, RETENTION, AND ACCURACY OF PERSONAL INFORMATION
LINKS TO OTHER WEB SITES AND THIRD PARTIES
INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
COLLECTION AND USE OF Personal INFORMATION
ComplianceMetrix collects personal information when you provide it to us, which may include the following:
- Contact information, such as first and last name, email address, phone number, and mailing address.
- Professional information, such as company name, job title, company location, and other details we may collect about your business or profession.
- Account information, such as your log-in details, information that you store in your account, information you provide during registration or agreement submission, and other details about your use of the Service.
- Payment information, such as bank account number, credit or debit card number, or financial account details used for payments. All payment processing services connected with your use of the Service is provided to you by third-party payment processors.
- Order history, such as records of products and services you have purchased from us.
- Preferences, such as any preferences you set in your account and any marketing or communications preferences.
- Survey responses, such as the information you provide in response to our surveys or questionnaires.
- Communications, such as the information associated with your requests or inquiries, including for support, assistance, or order information, and any feedback you provide when you communicate with us. We and our service provider may also record or monitor any call or chat you have with us for quality control or training purposes, or to enforce our rights.
Customers and other users of the Service may have the opportunity to refer contacts to us and share their contact information with us. Please do not refer someone to us or share their contact information with us unless you have their permission to do so.
We may also obtain personal information about you from third parties, such as social media platforms and other public sources, third parties that help us advertise our products and services and find new customers, joint marketing partners, event co-sponsors, and other third parties. If you connect your CMX1 account to a third-party platform using one of our integrations, we may also receive your personal information from such third-party platform.
We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your activity over time on our Service and other sites and online services, such as:
- Device data, such as your computer or mobile device operating system type and version number, manufacturer and model, browser type, screen resolution, IP address, unique identifiers, the website you visited before browsing to our website, and general location information such as city, state, or geographic area.
- Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.
cookies and other technology
Like many online services, we use technologies to facilitate some of the automatic data collection described above (such as device and online activity data).
- Cookies. We use cookies on certain web pages to help analyze our web page flow and measure promotional effectiveness. Cookies are pieces of information a website sends to an individual’s device while they are viewing the website to uniquely identify the individual’s browser or to remember important information in the browser that will make your visit to the website more useful. We use cookies to help improve your future visits, such as to help you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.
Most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser’s settings. Many browsers accept cookies by default until you change your settings. Please note that by turning cookies off, you will not have access to many features available on our Service and they may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.
- Web beacons, also known as pixel tags or clear GIFs. Web beacons are typically used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked, typically to compile statistics about usage of websites and the success of marketing campaigns.
- Local storage. This is used to save data on an individual’s device. We may use data from local storage to, for example, turn on web navigation, store multimedia preferences, customize what we show you based on your past interactions with our Service, and remember your preferences.
- Session-replay technologies. These are third-party software programs that we may use on the Site or in some locations of the Service to record a video replay of user’s interactions with the Service. The video replay may include users’ clicks, mouse movements, scrolls, mobile app touches, typing, and other activity taken during the session. We use these replays for research and development purposes, such as to help us troubleshoot problems with the Service, understand how users interact with and use the Service, and identify areas for improvement.
We do not respond to browser-based “do not track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com. Currently, we do not have any third party sites who push content to our Site.
We use Google Analytics on our Site. Google Analytics is a web analytics service provided by Google. Google Analytics uses cookies to collect anonymous traffic data to help us analyze how users use the website. You can learn more about Google Analytics cookies by clicking here and about how Google protects your data by clicking here. If you have concerns relating to the usage of Google Analytics, it is possible to block Google Analytics by installing a plug-in to your browser. A plug-in for the most common browsers can be found here: http://tools.google.com/dlpage/gaoptout.
CHILDREN AND DATA COLLECTION
The Service is not intended for use by anyone under the age of 18, and we do not knowingly collect personal information from minors under 18.
OUR USE OF YOUR PERSONAL INFORMATION
We primarily use your Personal Information to facilitate the services you request. We also use your Personal Information as described in this Privacy Policy or as otherwise disclosed to you at the time of collection. For example, we may use your Personal Information:
- To provide the Service, including to operate our business and provide our related Service. For example, we use personal information for the following purposes:
- To fulfill your requests for certain products or services;
- To better understand your needs and provide you with more customized service;
- To communicate with you about the Site or our products and services, including providing notices about your account or transaction;
- To respond to any questions or concerns that you may have;
- To establish, manage, monitor, and maintain your account;
- To provide maintenance and support;
- To verify your identity or determine your eligibility for offers or promotions; and
- To fulfill any other purpose for which you provide personal information.
- For research and development, including to study and improve the Service and our business, understand and analyze the usage trends and preferences of our users, and develop new features, functionality, products, and services. As part of these activities, we may create aggregated, de-identified, or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes.
- For direct marketing, such as when we send you ComplianceMetrix-related or other direct marketing communications as permitted by law, including materials, updates, information, special offers, and promotional material from us and our business partners. If you do provide us with personal information we may use the information to contact you, via e-mail, regular mail, telephone or other means, to provide you with information that you requested about specific products or services, provide additional future information about products or services that may be of interest to you, and to learn about and develop products and services. If you do not want this information disclosed you may “opt out” of future contacts at any time by contacting the Privacy Officer, in writing, as described below in the section titled “Contact Information.”
- For interest-based advertising, which means we work with third-party advertising companies and social media companies to help us advertise our business and to display ads for our Service. These companies may use cookies and similar technologies to collect information about you (including the online activity and device data described above) over time across our Service and other websites and services or your interaction with our emails, and use that information to serve ads that they think will interest you. In addition, some of these companies may use hashed customer lists that we share with them to deliver ads to you and to similar users on their platforms. You can learn more about your choices for limiting interest-based advertising in the “Your Choices” section below.
- To comply with laws and regulations where we believe necessary or appropriate, such as lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.
- For compliance, fraud prevention, and safety, including using and disclosing personal information to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) maintain the safety, security, and integrity of the Service, business, databases, and other technology assets; (b) protect our, your, or others’ rights, privacy, safety or property (including by making and defending legal claims); (c) audit our internal processes for compliance with legal and contractual requirements and internal policies; (d) enforce the terms and conditions that govern the Service; and (e) prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
- With your consent, such as in accordance with your prior direction or, in some cases, we may specifically ask you for your consent to collect, use, or share your personal information, such as when required by law.
SHARING OF PERSONAL INFORMATION
We may share Personal Information with our service providers, consultants, and current or future affiliates for our internal business purposes, in order to provide you the Service (i.e., providing hosting services, marketing assistance, courier or freight providers, analyzing user data, processing payment card information, and for other legitimate purposes permitted by applicable law), and as otherwise described in this Privacy Policy or at the time of collection.
Certain features of the Service are designed to or may optionally be set to integrate with the products and services offered by third parties. If you or the organization through which you access the Service is using the Service as part of an integrated platform, we may share your personal information with the third parties with whom our Service is integrated.
If you joined or were added to the Service as an authorized user of your employer, we may share personal information about you with your employer to facilitate the services that we provide to them.
We may also share personal information with third parties who we partner with for advertising campaigns or that collect information about your activity on the Service for the purposes described in the “interest-based advertising” section above.
ComplianceMetrix reserves the right to disclose personal information to a third party if a law, regulation, search warrant, subpoena, or court order legally requires or authorizes us to do so. We may also disclose personal information in the good faith belief that such action is necessary to comply with a legal obligation or for the purposes described above in the section titled “For compliance, fraud prevention, and safety.”
ComplianceMetrix also reserves the right to disclose and/or transfer personal information to a third party in the event of a proposed or actual purchase, sale, lease, merger, amalgamation or any other type of acquisition, disposal, or financing of all or any portion of ComplianceMetrix or of any of the business or assets or shares of ComplianceMetrix or a division thereof.
ComplianceMetrix collects information and data on how the Service is used by visitors and customers (such as, but not limited to, demographic information, search terms used or how customer perform searches and information about the platform and workflow) (the “Usage Data”) and reserves the right to use, modify, and share such Usage Data in its discretion. In the event any personally identifiable information, data, or content is anonymized, ComplianceMetrix and its agents, subcontractors and licensors may use and share such anonymized information without restriction in accordance with applicable laws.
Your choices
If you need to make a change to the personal information contained in your account and are unable to do this through your account settings, please email us using the contact information at the end of this Privacy Policy. We rely on you to update and correct the personal information contained in your account. Note that we may keep historical information in our backup files as permitted by law.
You may opt-out of marketing-related emails by clicking the “unsubscribe” link at the bottom of the email or by contacting us as described at the end of this Privacy Policy. You may still receive service-related communications, such as those relating to your account.
We may also offer communications via text messages sent by ComplianceMetrix or any of our service providers. To stop receiving text messages from us, reply STOP to any text message you receive from us, or send your request and mobile telephone number to the email address listed at the end of this Privacy Policy. Note that we may send you a message to confirm receipt of your STOP request.
To limit the use of your information for interest-based advertising, you can block third-party cookies in your browser settings, using browser plug-ins/extensions, or using your mobile device settings (see the section above, “Cookies and Other Technology,” for more information). You can also opt out of interest-based ads from companies participating in the following industry opt-out programs by visiting the linked websites: the Network Advertising Initiative (http://www.networkadvertising.org/managing/opt_out.asp) and the Digital Advertising Alliance (https://optout.aboutads.info). Some of the companies we work with may offer their own opt-out mechanisms. For example, you can learn more about how Google uses cookies for advertising purposes by clicking here and opt-out of ad personalization by Google by clicking here. Many of the opt-out preferences described here must be set on each device or browser for which you want them to apply. Please note that some of the advertising companies we work with may not participate in the opt-out mechanisms described above, so even after opting-out, you may still receive interest-based advertisements from other companies. If you opt-out of interest-based advertisements, you will still see advertisements online but they may be less relevant to you.
We endeavor to protect your Personal Information using reasonable measures appropriate to the sensitivity of the information in our control. These measures include safeguards to protect Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use and modification.
Security
We endeavor to protect your personal information using reasonable measures appropriate to the sensitivity of the information in our control. These measures include safeguards to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use and modification.
Although “guaranteed security” does not exist either on or off the Internet, we make reasonable efforts to make the collection and security of such information consistent with our Privacy Policy and all applicable laws and regulations.
You may report security concerns by contacting security@cmx1.com.
STORAGE, RETENTION, AND ACCURACY OF PERSONAL INFORMATION
ComplianceMetrix retains your Personal Information:
- For so long as your account is active or as needed to provide you with services or to fulfill our contractual obligations;
- As necessary to comply with our legal obligations, resolve disputes, and enforce our agreements; and
- For so long as is necessary for the purposes for which we collected such Personal Information.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
Links to other websites and third party Processors
Our carefully selected partners and service providers may process personal information about you on our behalf as described below:
Digital Marketing Service Providers
We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include: (i)Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io. Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io.”
Please note that the Site and Service may contain links to other websites and online services for your convenience and information. ComplianceMetrix does not control those sites or their privacy practices, which may differ from our practices. This Privacy Policy cannot and does not apply to external websites. We do not endorse or make any representations about third party websites. The personal data you choose to give to unrelated third parties is not covered by this Privacy Policy. We encourage you to review the privacy policy of any company or website before submitting your personal information. Some third parties may choose to share their personal data with ComplianceMetrix; that sharing is governed by that third party company’s privacy policy.
california visitors
Under California Civil Code sections 1798.83-1798.84, California residents who have an established business relationship with ComplianceMetrix are entitled to ask us for a notice describing what categories of personal information we share with third parties for the third parties’ direct marketing purposes. If you are a California resident and would like a copy of this notice, please submit your request to the email address listed at the end of this Privacy Policy with “Shine the Light” in the subject line.
nevada visitors
Nevada Revised Statutes Chapter 603A allows Nevada residents to opt-out of the “sale” of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. We do not currently sell personal information as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt-out of sales using the contact information listed at the end of this Privacy Policy and we will record your instructions and incorporate them in the future if our policy changes.
EUROPEAN VISITORS
The information provided in this section applies only to individuals in the European Economic Area and the United Kingdom (collectively, “Europe”). Except as otherwise specified, references to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.
The controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation is ComplianceMetrix, Inc., 4180 La Jolla Village Dr., La Jolla, California, 92037, USA.
The applicable legal bases of our processing of your personal information as described in this Privacy Policy will depend on the type of personal information and the specific context in which we process it. However, the legal bases we typically rely on are set out in the table below. We rely on our legitimate interests as our legal basis only where those interests are not overridden by the impact on you (unless we have your consent or our processing is otherwise required or permitted by law). If you have questions about the legal basis of how we process your personal information, contact us using the contact information at the bottom of this Privacy Policy.
PROCESSING PURPOSE (as described above in the “Our Use of Your Personal Information” section) |
LEGAL BASIS |
To Provide the Service |
Processing is necessary to perform the contract governing our operation of the Service, or to take steps that you request prior to engaging us or our products. Where we cannot process your personal information as required to operate the Service on the grounds of contractual necessity, we process your personal information for this purpose based on our legitimate interests as further described in this Privacy Policy. |
Research and Development |
Processing is based on our legitimate interests in performing research and development as described in this Privacy Policy. |
Direct Marketing |
Processing is based on your consent where that consent is required by applicable law. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consented or via the relevant Service. Where such consent is not required by applicable law, we process your personal information for this purpose based on our legitimate interests in promoting our business and providing you with tailored, relevant content. |
Interest-Based Advertising |
|
To Comply with Laws and Regulations |
Processing is necessary to comply with our legal obligations. |
For Compliance, Fraud Prevention, and Safety |
Processing is necessary to comply with our legal obligations or based on our legitimate interests in protecting our or others’ rights, privacy, safety, or property. |
With Your Consent |
Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or via the relevant Services. |
We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.
In accordance with applicable laws, you may have the right to request access to, rectification, and erasure of your personal information; restriction of processing of personal information; objecting to certain processing of personal information; and the right to data portability. Where any processing of personal information is solely dependent upon your consent, you have the right to withdraw such consent at any time (for example, by using the unsubscribe link contained in an applicable marketing message or emailing us at privacy@compliancemetrix.com). To exercise your rights under these provisions, please contact us as provided at the end of this Privacy Policy. When we receive your requests, we may ask you to verify your identity before we can act on your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
Where you believe that we have not processed your request or your personal information in accordance with applicable laws, you may contact us or lodge a complaint with the respective supervisory authority or data protection regulator in your jurisdiction. In the European Economic Area, you can find your data protection regulator here. In the United Kingdom, you can find your data protection regulator here.
International transfers of personal information
CMX1 is based in the United States, and we have service providers in the United States and potentially other countries. By using the Site or Service, your personal information may be collected, used, and stored in these countries or other locations outside of your home country. Privacy laws in the locations where we handle your personal information may not be as protective as the privacy laws in your home country.
By providing your personal information, where applicable law permits, you specifically and expressly consent to the transfer of your information to the United States and processing globally as described in this Privacy Policy.
For our European visitors and customers, if we transfer your personal information to a country outside of Europe such that we are required to apply additional safeguards to your personal information under European data protection laws, we will do so. Please contact using the contact information below for further information about any such transfers or the specific safeguards applied.
CHANGES TO OUR PRIVACY POLICY
ComplianceMetrix may update this Privacy Policy at any time. When ComplianceMetrix posts changes to this Privacy Policy, we will also revise the “Last Updated” date at the top. In some cases, ComplianceMetrix may notify you by email, by means of a notice on our home page, or other means as may be required by applicable law. ComplianceMetrix encourages you to review this Privacy Policy periodically to stay informed of ComplianceMetrix’s policies and practices. Your continued use of the Service after the posting or other notification of any amended Privacy Policy constitutes your acknowledgement of such changes.
contact information
If you would like to exercise any rights described in this Privacy Policy, or have any privacy-related questions or complaints, please contact the Privacy Officer. The Privacy Officer can be reached by telephone at: 888-866-8888, by email at: privacy@compliancemetrix.com, or by mail at ComplianceMetrix, Inc., 4180 La Jolla Village Drive, Suite 570, San Diego CA 92037. We will address your concern and attempt to resolve any problem.