PRIVACY POLICY

Effective date: August 16, 2018

Thank you for visiting our website. Great Bay Software, Inc., located at 7900 International Drive, #625, Bloomington, MN 55425 (“Great Bay Software,” “us”, “we”, or “our”) operates the https://greatbaysoftware.com website, and related subsites (collectively, the “Site”) and provides security services (the “Security Services”). We provide this Privacy Policy to explain how we handle two categories of information:

  1. Processor Data: When Great Bay Software provides Security Services, we typically process personal data within our client’s infrastructure and environment, and such processing is subject to the applicable client’s privacy policies and procedures. There are, however, some occasions where we will collect personal data from our clients. In these instances, the personal data we collect and process is done on behalf of our clients. We refer to this data as “Processor Data.” Under applicable law, Great Bay Software is considered the “data processor” of the Processor Data, and the “data controller” of the data (i.e. the company with the right to decide how data is used) is our applicable client.
  2. Controller Data: Great Bay Software may also process personal data for our own business purposes. We refer to this data as “Controller Data.” This includes, for example: (a) personal data we use for marketing, sales, and client relationship management; (b) personal data related to the personnel of our clients or service providers; and (c) other business-related personal data collected on the Site or elsewhere for our own business.

I. OUR COLLECTION, USE, AND DISCLOSURE OF PROCESSOR DATA

  1. Collection of Processor Data

Great Bay Software’s Security Services are installed and operated within a client’s security infrastructure. Though we rarely collect personal data when providing Security Services, there are some instances in which we may collect certain information, including personal data, from or on behalf of our Security Services clients and their personnel. Because of the nature of the Security Services, this information may contain any type of personal data, including names, contact information, and other identifying information. For example, in providing Security Services, we may collect the following types of information that may be Processor Data:

  • Device identifiers, operating system, time zone, MAC addresses, and other information about computing systems, applications, and networks;
  • Names, emails, and phone numbers;
  • Job-related information, such as job titles, company name, and company address;
  • Information about activity on computing systems, websites, applications, and networks;
  • System logs and traffic, including URLs;
  • Data, including geolocation information (e.g., GPS coordinates or building/floor location), regarding where devices used for the Security Services are located;
  • IP addresses and inferred information related to IP addresses (e.g., inferred company, inferred country, etc.); and
  • Information provided to us for troubleshooting or security inquiries (e.g. if a client sends us support tickets).

Some of the technical information listed above is considered personal data in certain contexts.

  1. Uses of Processor Data

Subject to our contractual obligations, and depending on the particular Security Services, we may use and disclose the information described above (sometimes in combination with other information we obtain, such as from our clients):

  • To provide the Security Services, including by (a) providing maintenance and technical support; and (b) analyzing and improving the Security Services;
  • To enforce the legal terms that govern the Security Services;
  • To comply with law and protect rights, safety, and property; and/or
  • For other purposes requested or permitted by our clients, or as reasonably required to perform our business.
  1. Disclosures of Processor Data

Subject to our contractual obligations, and depending on the particular Security Services, we may share the information described above as follows:

  • To provide the Security Services, which can involve sharing personal data with our client and with third parties selected by the client or its users;
  • To enforce the legal terms that govern the Security Services;
  • To comply with law, and where we deem disclosure appropriate to protect rights, safety and property (for example, for national security or law enforcement);
  • As part of an actual or contemplated business sale, merger, consolidation, change in control, transfer of substantial assets or reorganization; and/or
  • For other purposes requested or permitted by our clients or users, or as reasonably required to perform our business.

We may also share information with our affiliates and other entities that help us with the activities described in this Privacy Policy.

II. OUR COLLECTION, USE, AND DISCLOSURE OF CONTROLLER DATA

  1. Collection of Controller Data

We collect two types of Controller Data: (1) data provided directly to us by you or third parties; and (2) data collected automatically from your browser or device.

  • Data Directly Provided by You or Third Parties

When visiting or using our Site, we may ask you to provide us with certain information, including information that can be used to contact or identify you. The data we collect may include, but is not limited to: (1) name; (2) email address; (3) phone number; (4) business address; (5) mailing address; and (6) business phone number. We obtain Controller Data directly from Site visitors or their employers, and also from third-party sources, such as clearinghouses, data brokers, fraud databases, referrals from clients and users, as well as publicly-available sources such as company websites.

  • Cookies and Automated Data Collection

We also collect Controller Data through the technology described in the Cookies and Similar Automated Data Collection section below.

  1. Uses of Controller Data

We use Controller Data for the following purposes:

  • To provide our Site and other services, and any other business offerings;
  • For marketing, advertising, and other communications;
  • To manage our relationships with clients, partners, suppliers, and others;
  • To notify clients about changes to our products and services;
  • To analyze, improve, and create products and services;
  • To enforce the legal terms that govern our business and online properties;
  • To comply with law and protect rights, safety, and property;
  • For other purposes as reasonably required to perform our business.
  1. Disclosures of Controller Data

Subject to our contractual obligations, we disclose Controller Data as follows:

  • Affiliates: We may disclose Controller Data to our affiliates or related companies;
  • Consent: We may disclose Controller Data to nonaffiliated third parties based on your consent to do so.
  • Service Providers: We may provide access to Controller Data to select third parties who perform services on our behalf. These third parties provide a variety of services for us, including without limitation billing, sales, marketing, advertising, market research, data storage, fraud and safety protection, and legal services.
  • Legal Requirements: We may disclose Controller Data when required by law or when we believe in good faith that such disclosure is necessary to: (1) comply with subpoenas, court orders, or other legal process we receive; (2) establish or exercise our legal rights including enforcing our Terms of Use; or (3) defend Great Bay Software against legal claims.
  • Protection of Great Bay Software and Others: We may disclose Controller Data when we believe it appropriate to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Use or any other legal terms governing use of the Site, and/or to protect our rights and property and the rights and property of others.
  • Business Transfers: We may disclose Controller Data as part of an actual or contemplated business sale, merger, consolidation, change in control, transfer of substantial assets or reorganization;
  • Other: We may disclose Controller Data as reasonably required to perform our business.
  1. Our Legal Bases for Use of Controller Data

The laws in some jurisdictions require companies to tell you about the legal ground they rely on to use or disclose your personal data. To the extent those laws apply, our legal grounds for processing Controller Data are as follows:

  • Legitimate interests: In most cases, we handle personal data on the ground that it furthers our legitimate interests in commercial activities such as the following in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals:
    • Protecting our business, personnel and property
    • Customer service
    • Marketing
    • Analyzing and improving our business; and/or
    • Managing legal issues

We may also process personal data for the same legitimate interests of our clients and business partners.

  • To honor our contractual commitments to the individual: Some of our processing of personal data is to meet our contractual obligations to individuals, or to take steps at clients’ request in anticipation of entering into a contract with them.
  • Consent: Where required by law, and in some other cases, we handle personal data on the basis of consent.
  • Legal compliance: We may also use and disclose personal data in certain ways to comply with our legal obligations.

III. YOUR EU RIGHTS AND CHOICES

We provide the options described below for exercising rights and choices, which are subject to important limits or exceptions under applicable law:

  1. Processor Data

To exercise rights or choices with respect to Processor Data, please make your request directly to the client for whom we process the personal data.

  1. Controller Data

To keep your personal data accurate, current, and complete, please contact us as specified below. We will take reasonable steps to update or correct personal data in our possession that you have previously submitted via this Site.

The law of your jurisdiction (for example, within the European Economic Area) may give you additional rights to request access to and rectification or erasure of certain of your personal data we hold. In some cases, you may be entitled to receive a copy of the personal data you provided to us in portable form or to request that we transmit it to a third party. The law may also give you the right to request restrictions on the processing of your personal data, to object to processing of your personal data, or to withdraw consent for the processing of your personal data (which will not affect the legality of any processing that happened before your request takes effect). You may contact us as described below to make these requests.

For example, residents of the European Economic Area and certain other jurisdictions may have a right to opt out of our processing of Controller Data for direct marketing purposes. You can exercise this right by contacting us as described below. Our marketing emails and certain other communications include unsubscribe instructions, which you can use to limit or stop the relevant communications. Opt-out processes may take some time to complete, consistent with applicable law. Certain communications (such as certain billing-related communications or emergency service messages) are not subject to opt-out.

You may contact us with any concern or complaint regarding our privacy practices, and you also may lodge a complaint with the relevant governmental authority.

IV. AGGREGATE OR DE-IDENTIFIED DATA

Subject to applicable law and our contractual obligations, (i) we may aggregate or de-identify Controller Data or Processor Data so that the information cannot be linked to the relevant individual and (ii) our use and disclosure of aggregated, anonymized, and other non-personal information is not subject to any restrictions under this Privacy Policy, and we may disclose it to others without limitation for any purpose.

V. COOKIES AND SIMILAR AUTOMATED DATA COLLECTION

We may collect certain information on our Site, in our emails, or otherwise through the course of providing services by automated means such as cookies, Web beacons, and JavaScript and mobile device functionality. This information may include unique browser identifiers, IP address, browser and operating system information, device identifiers (such as the Apple IDFA or Android Advertising ID), geolocation, other device information, Internet connection information, as well as details about individuals’ interactions with our Site and emails (for example, the URL of the third-party website from which you came, the pages on our website that you visit, and the links you click on in our websites).

We and third parties may also use automated means to read or write information on users’ devices, such as in various types of cookies and other browser-based or plugin-based local storage (such as HTML5 storage or Flash-based storage). Cookies and local storage are files that contain data, such as unique identifiers, that we or a third party may transfer to or read from a user’s device for the purposes described in this Privacy Policy, such as recognizing the device, service provision, record-keeping, analytics and marketing, depending on the context of collection.

These technologies help us (a) remember your information, including any applicable logins, on the pages you visit; (b) display personalize content; (c) perform analytics, and measure traffic and usage trends, and better understand the demographics of our users; (d) diagnose and fix technology problems; and (e) otherwise plan for and enhance our business.

You can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Microsoft Edge; Google Chrome; Mozilla Firefox; or Apple Safari). Please note that by blocking any or all cookies, you may not have access to certain features or offerings of the Site. We may also use local shared objects (also known as “Flash cookies”) to assist in delivering special content, such as video clips or animation. Flash cookies are stored on your device, but they are not managed through your web browser. To learn more about how to manage Flash cookies, you can visit the Adobe website and make changes at the Global Privacy Settings Panel.

We may use third-party web analytics services (such as those of Google Analytics) on our Site to collect and analyze the information discussed above, and to engage in auditing, research or reporting. The information (including your IP address) collected by various analytics technologies described in above may be disclosed to or collected directly by these service providers, who use the information to evaluate your use of the Site, including by noting the third-party website from which you arrive, analyzing usage trends, assisting with fraud prevention, providing certain features to you, and other purposes. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here. If you receive email from us, we may use certain analytics tools, such as clear GIFs, to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns.

Also, in some cases, we facilitate the collection of information by advertising services administered by third parties. The ad services may track users’ online activities over time by collecting information through automated means such as cookies, and they may use this information to show users ads that are tailored to their individual interests or characteristics and/or based on prior visits to certain sites or apps, or other information we or they know, infer or have collected from the users. For example, we and these providers may use different types of cookies, other automated technology, and data (i) to recognize users and their devices, (ii) to inform, optimize, and serve ads and (iii) to report on our ad impressions, other uses of ad services, and interactions with these ad impressions and ad services (including how they are related to visits to specific sites or apps).

To learn more about interest-based advertising generally, including how to opt out from the targeting of interest-based ads by some of our current ad service partners, visit aboutads.info/choices or youronlinechoices.eu from each of your browsers. You can opt out of Google Analytics and customize the Google Display Network ads by visiting the Google Ads Settings page. If you replace, change or upgrade your browser, or delete your cookies, you may need to use these opt-out tools again. We do not respond to browser-based do-not-track signals.

Please visit your mobile device manufacturer’s website (or the website for its operating system) for instructions on any additional privacy controls in your mobile operating system, such as privacy settings for device identifiers and geolocation.

VI. SECURITY

We have put in place physical, electronic, and managerial procedures to safeguard data and help prevent unauthorized access, to maintain data security, and to use correctly the data we collect. However, we cannot assure you that data that we collect will never be used or disclosed in a manner that is inconsistent with this Privacy Policy.

If a password is used to help protect your personal data, it is your responsibility to keep the password confidential. Do not share this information with anyone.

VII. DATA RETENTION

We will retain your information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. To provide security and business continuity for the activities described in this Privacy Policy, we make backups of certain data, which we may retain for longer than the original data.

VIII. CHILDREN’S PRIVACY

The Site and our Security Services are not intended for anyone under the age of 18. If we become aware that we have inadvertently collected “personal information” (as defined by the United States Children’s Online Privacy Protection Act) from children under the age of 13, children under the age of 14 in Spain or South Korea, or from an EU resident under the age of 16 without parental consent, we will take reasonable steps to delete it as soon as possible. We also comply with other age restrictions and requirements in accordance with applicable local laws.

IX. LINKS TO OTHER WEBSITES AND SERVICES

The Site may contain links to third-party websites or services. We are not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your information will be subject to the privacy policies of the third-party websites or services, and not this Privacy Policy. We urge you to read the privacy and security policies of these third-parties.

X. MODIFICATIONS TO THIS PRIVACY POLICY

We reserve the right to change this Privacy Policy at any time to reflect changes in the law, our data collection and use practices, the features of our services, or advances in technology. Please check this page periodically for changes. Any updated Privacy Policy will be posted on the Site via a hyperlink in the footer or other convenient location.

XI. CONTACT US

If you have any questions about our practices or this Privacy Policy, please contact us by email at legal@greatbaysoftware.com.