Last updated: June 16, 2020
Who We Are and How To Contact Us
AvidThink is a California limited liability company with the following contact information:
1900 Camden Avenue
San Jose, California 95124
For individuals in the EEA and the U.K.: we may collect your personal data as a ‘data controller’ when we determine the means and purpose of processing, or as a ‘data processor’ when we collect and process personal data on behalf of our corporate customers (“Customers”) who provide us with sponsored content. In some cases, such as when you click on sponsored links from our Customers, we and our Customers are each independent data controllers. Please see the section Additional Information for Users in the EEA and U.K. below for more information.
To Whom Does This Policy Apply
- Customers: this includes any individual who registers individually or on behalf of an entity or organization in order to use the Services.
- Site Visitors: visitors to our Site (this does not include any visitors to our Customers’ individual websites).
- Registered Users: individuals who create an account on our Site (such as to receive our newsletter) and/or download whitepapers.
What Information Do We Collect
What personal information we collect and process depends on how and why you use our Platform. As explained in more detail below, we process personal information that we receive:
- Directly from you when you provide it to us, such as in connection with any of our Services;
- Indirectly, through automated technologies such as cookies, or from third parties.
Information We Collect Directly From You
You can generally visit our Site without having to submit any personal information. However, if you wish to use our Services, you will be asked to provide information about yourself.
- If you sign up for an account on our Site, we will collect personal information as follows:
- First and last name
- Company name
- Email address
- Job title
- Location (Country/State/Zip Code)
- If you wish to download a whitepaper on our Site, we will collect personal information as follows:
- First and last name
- Company name
- Business email address
- Primary Role
- Location (Country/State/Zip Code)
- If you contact us through our “Contact us” form or otherwise send us an email, we also process any personal information contained in those communications.
- If you are a Customer, in order to process your payment Information, we use PCI-compliant third-party processors, as explained in Payment Processing. Payment information is processed by our payment service providers, and we receive a confirmation of payment, which we then associate with your account and any relevant transactions.
Information We Collect Indirectly
Device and Usage Information
When you download, use or interact with the Site, even if you do not have an account, we, or authorized third parties engaged by us, may automatically collect information about your use of the Site via your device, some of which is considered personal information. “Device and Usage Information” that we collect consists of:
- Information About your Device: information about the devices and software you use to access the Site – primarily the internet browser or mobile device that you use, the website or source that linked or referred you to the Site, your IP address or device ID (or other persistent identifier that uniquely identifies your computer or mobile device on the Internet), the operating system of your computer or mobile device, device screen size, and other similar technical information.
- Usage Information: information about your interactions with the Site, including access dates and times, hardware and software information, device event information, log data, crash data, cookie data. This information allows us to understand the screens that you view, how you’ve used the Site and/or our Services (which may include administrative and support communications with us), and other actions on the Site. We, or our authorized third parties, automatically collect log data when you access and use the Site, even if you have not created an account or logged in. We use this information to administer and improve the Services, analyze trends, track users’ use of the Site, and gather broad demographic information for aggregate use.
Based on Device and Usage Information, we are also able to determine general location information (“Location Information”).
Cookies and Similar Technologies
Information from Third Parties
In some instances, we process personal information from third parties, which consists of data from our partners, such as transactional data from providers of payment services, or information from third parties with whom we host or sponsor Events. In all such cases, individuals are informed of our processing activities and/or able to choose certain preferences at the time of collection. From time to time, we may combine information we collect as described above with personal information we obtain from third parties. For example, we may combine information entered through an AvidThink sales submission with information we receive from a third-party sales intelligence platform to enhance our ability to market our Services to Customers or potential Customers.
If you have reason to believe that a child under the age of 16 has provided personal data to AvidThink through the Platform, please contact firstname.lastname@example.org and we will endeavor to delete that information from our databases.
With the Device and Usage Information collected by our third-party analytics services, such as Google Analytics or Oribio.io, we generate and process information, such as statistical or demographic data. Aggregated Information may be derived from personal data, but is not considered personal data if it does not directly or indirectly reveal your identity. For example, we may track the total number of visitors to our Site or the number of visitors to each page of our Site, and we may aggregate usage data to calculate the percentage of users accessing a specific feature of the Site and analyze this data for trends and statistics.
We collect payments from Customers only and do not directly collect or store payment information. We use third-party, PCI-compliant, payment processors, which collect payment information on our behalf in order to complete transactions with our Customers. While our administrators are able to view and track actual transactions via the client portals of the payment processors, we do not have access to, or process, credit card information.
How Do We Use Information We Collect
We use your personal information for a number of different reasons, as further explained below.
In addition, for users located in the EEA and the U.K., we must have a valid legal basis in order to process your personal data. The main legal bases under the European Union’s General Data Protection Regulation (GDPR) that justify our collection and use of your personal information are:
- Performance of a contract – When your Personal information is necessary to enter into or perform our contract with you.
- Consent – When you have consented to our use of your Personal information via a consent form (online or offline).
- Legitimate interests – When we use your Personal information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
- Legal obligation – When we need to use your Personal information to comply with our legal obligations.
- Legal claims – When your Personal information is necessary for us to defend, prosecute or make a claim.
Below are the general purposes and corresponding legal bases (in brackets) for which we may use your personal information:
- Providing you access to and use of the Platform [depending on the context, performance of a contract, legitimate interests, and in some cases, legal claims]
- Processing and completing transactions, and sending you related information, including purchase confirmations and invoices [performance of a contract]
- Responding to your queries and requests, or otherwise communicate directly with you [depending on the context, performance of a contract, legitimate interests, and in some cases, legal claims]
- Improving the content and general administration of the Platform, and enhancing user experience [legitimate interests]
- Providing customer support [depending on the context, performance of a contract, legitimate interests, and in some cases, legal claims]
- Detecting fraud, illegal activities or security breaches [legitimate interests]
- Providing you with notices regarding purchases or other important information [depending on the context, performance of a contract or legitimate interests]
- Ensuring compliance with applicable laws [compliance with a legal obligation]
- Performing system maintenance and upgrades, and enabling new features [legitimate interests]
- Conducting statistical analyses and analytics, by monitoring and analyzing trends, usage, and activities in connection with the Platform [consent where required (e.g. third-party cookies), or legitimate interests]
- Increasing the number of customers who use our Services through marketing and advertising [consent where required, or legitimate interests]
- Sending marketing communications, in line with your communication preferences [consent and in some cases, depending on location, with existing customers, legitimate interests]
- Providing our Services to our Customers [legitimate interests and performance of a contract]
When We Share Information
We only disclose your personal information as described below.
Third-Party Service Providers
AvidThink discloses users’ information to our third party agents, contractors, or service providers who are hired to perform services on our behalf. These companies do things to help us provide the Platform, and in some cases collect information directly, for example as explained in Payment Processing above. Below is an illustrative list of functions for which we may use third-party service providers:
- Hosting and content delivery network services
- Analytics services
- Lead generation partners
- Marketing and social media partners
- Customer support services
- Payment processors
- Hosting and content delivery network services
- Functionality and debugging services
- Professional service providers, such as auditors, lawyers, consultants, accountants and insurers
When we act on behalf of our Customers as a data processor, with your consent, we may provide your personal information to our Customers, which includes the information collected when you download a white paper.
Occasionally, we will provide our Customers with aggregated information that does not identify you, in order to provide information about trends, demographics (such as location) and organizations that may be interested in their content.
As we continue to grow, we may purchase websites, applications, subsidiaries, other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities and/or sell assets or stock, in some cases as part of a reorganization or liquidation in bankruptcy. As part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation or other corporate reorganization in which AvidThink participates, or to a purchaser or acquirer of all or a portion of AvidThink’s assets, bankruptcy included.
We share aggregated, automatically-collected or otherwise non-personal information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) for business or marketing purposes; (iii) to assist us and other parties in understanding our users’ interests, habits and usage patterns for certain programs, content, services, marketing and/or functionality available through the Platform. We do not share personal information about you in this case.
Legal Obligations and Security
If we are required to disclose personal information by law, such as pursuant to a subpoena, warrant or other judicial or administrative order, our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty). However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), to be determined on a case-by-case basis.
Links to Third Party Sites
We do not use social media plugins, but do allow certain social media companies to drop third-party cookies on our Site for analytics, as set forth in our Cookie Notice.
“Do Not Track”
AvidThink does not respond to Do Not Track (“DNT”) browser signals. For more information on DNT settings generally, please visit https://allaboutdnt.com.
How to Change Your Communication Preferences
To keep your information accurate, current, and complete, please contact us as specified below. We will take reasonable steps to update any information in our possession that you have previously submitted via the Platform. Note that you may also manage your communications preferences and the receipt of any commercial communication by clicking the “unsubscribe” link included at the bottom of all emails from AvidThink. You may also adjust your preferences through your account settings if you have a AvidThink account, or send an email to email@example.com.
Access and Accuracy
AvidThink uses reasonable efforts to keep your personal information accurate. We will provide you with online access to your Personal information so that you may review, update or correct personal information that we hold.
Note that in order to protect your privacy and security, we will also take reasonable steps to verify your identity before granting you access or enabling you to make corrections. To access your personal information, please visit the relevant account management sections of our Platform. If you cannot access your personal information on the Platform, please send an email to firstname.lastname@example.org.
How Long Do We Keep Your Personal information?
General Retention Periods
We use the following criteria to determine our retention periods: the amount, nature and sensitivity of your information, the reasons for which we collect and process your personal data, the length of time we have an ongoing relationship with you and provide you with access to our Platform, and applicable legal requirements. We will retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax or accounting requirements). Additionally, we cannot delete information when it is needed for the establishment, exercise or defense of legal claims (also known as a “litigation hold”). In this case, the information must be retained as long as needed for exercising respective potential legal claims.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), we will securely store your personal information and isolate it from any further processing until deletion is possible.
For any questions about data retention, please contact email@example.com.
In some instances, we may choose to anonymize your personal data instead of deleting it, for statistical use, for instance. When we choose to anonymize, we make sure that there is no way that the personal data can be linked back to you or any specific user.
Data Security And Integrity
We take steps that are reasonably necessary to securely provide our Platform. We have put in place reasonably appropriate security measures designed to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. We limit access to personal data only to those employees, agents, contractors and the third parties who have a business need-to-know.
We also have procedures in place to deal with any suspected data security breach. If required, we will notify you and any applicable regulator of a suspected data security breach. We also require those parties to whom we transfer your personal information to provide acceptable standards of security.
Notwithstanding, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from the Services may not be secure. Therefore, take special care in deciding what information you send to us via email. For any questions about the security of your information, please contact firstname.lastname@example.org.
Notice to Nevada Consumers
We do not sell your personal information within the scope of, and according to the defined meaning of, a “sale” under NRS 603A.
We are located in the United States, and the personal information that we collect is stored on servers located in the United States. This means that your personal information will be collected, processed and stored in the United States, which may have data protection laws that are different from (and sometimes less protective than) the laws of your country or region, such as the GDPR.
Additional Information for Users in the EEA and the U.K.
If the GDPR applies to you because you are in the EEA or the U.K., please read this section for more information.
AvidThink as Data Controller or Data Processor
In other instances, AvidThink acts as the ‘data processor’, namely when it acts on behalf of its Customers, who are the data controllers with respect to content such as white papers that you can access via the Site.
Finally, when AvidThink enables sponsored links to Customers’ websites, each party acts as an independent data controller, in which case your personal data is governed by each party’s respective privacy and cookie policies.
Staying In Control Of Your Information: Your Rights
If the GDPR applies to you because you are in the EEA or the U.K., you have certain rights in relation to your personal data:
- The right of access – your right to request a copy of the personal data we hold about you (also known as a ‘data subject access request’);
- The right to rectification – your right to request that we correct personal data about you if it is incomplete or inaccurate (though we generally recommend first making any changes in your Account Settings);
- The right to erasure (also known as the ‘right to be forgotten’) – under certain circumstances, you may ask us to delete the personal data we have about you (unless it remains necessary for us to continue processing your personal data for a legitimate business need or to comply with a legal obligation as permitted under the GDPR, in which case we will inform you);
- The right to restrict processing – your right, under certain circumstances, to ask us to suspend our processing of your personal data;
- The right to data portability – your right to ask us for a copy of your personal data in a common format (for example, a .csv file);
- The right to object – your right to object to us processing your personal data (for example, if you object to us processing your data for direct marketing); and
- Rights in relation to automated decision-making and profiling – our obligation to be transparent about any profiling we do, or any automated decision-making.
These rights are subject to certain rules around when you can exercise them.
If you are located in the EEA or the U.K. and wish to exercise any of the rights set out above, you may contact us at email@example.com.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request under those circumstances.
We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. If we cannot reasonably verify your identity, we will not be able to comply with your request(s).
We will respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.
If you no longer wish to receive our marketing/promotional information, we remind you that you may withdraw your consent to direct marketing at any time directly from the unsubscribe link included in each electronic marketing message we send to you. If you do so, we will promptly update our databases, and will take all reasonable steps to meet your request at the earliest possible opportunity, but we may continue to contact you to the extent necessary for the purposes of providing our Services.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us directly first.
Representative in the European Union
Pursuant to Article 27 of the GDPR, AvidThink has appointed European Data Protection Office (EDPO) as its GDPR representative in the EU for individuals located in the EEA. You may contact EDPO regarding matters pertaining to the GDPR by:
- Using EDPO’s online request form at https://edpo.com/gdpr-data-request/
- Writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.
NOTE: please do not forget to mention that your request relates to AvidThink LLC.
Avenue Huart Hamoir, 71
UK General Data Protection Regulation (GDPR) – UK Representative
Pursuant to the UK GDPR, AvidThink has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR by:
- Using EDPO UK’s online request form: https://edpo.com/uk-gdpr-data-request/
- Writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom
NOTE: please do not forget to mention that your request relates to AvidThink LLC.
8 Northumberland Avenue
London WC2N 5BY