Privacy Statement, effective as of January 1, 2023

ActivEngage, Inc. (“ActivEngage” or the “Company”) is committed to protecting the privacy of individuals who visit the Company’s Web sites (“Visitors”), individuals who register to use the Services as defined below (“Customers”), and individuals who register to attend the Company’s corporate events (“Attendees”). References to “you” or “your” in this Privacy Statement will refer to Visitors, Customers, and Attendees. If you are accessing or using the site on behalf of a Customer or other legal entity, you represent and warrant that you have the authority to bind such entity to this agreement, in which case references to “you” or “your” will refer to both the individual and any such Customer or legal entity using any of the Site This Privacy Statement describes ActivEngage’s privacy practices in relation to the use of the Site and the related applications and services offered by ActivEngage (collectively with the Site, the “Services”). It also describes the choices available to you regarding Company’s use of your personal information and how you can access and update this information.

By register to use the Services, attend the Company’s corporate events, providing information to Company (by any means, whether in correspondence, via Company’s Site, or otherwise), or continuing to use Company’s Services, you acknowledge that you have read, understood, and consent to be bound by this Privacy Statement.

IF YOU DO NOT AGREE WITH THIS PRIVACY STATEMENT OR COMPANY’S PRACTICES, YOU MAY NOT USE COMPANY’S SERVICES. THIS PRIVACY STATEMENT MAY CHANGE FROM TIME TO TIME AND YOUR CONTINUED USE OF COMPANY’S SERVICES CONSTITUTES YOUR ACCEPTANCE OF THOSE CHANGES. COMPANY ENCOURAGES YOU TO REVIEW THIS PRIVACY STATEMENT PERIODICALLY.

  1. Web sites covered

This Privacy Statement covers the information practices of www.activengage.com, and all other websites, mobile sites, applications, platforms and tools where this Privacy Statement appears or is linked (collectively, the “Site”).

  1. Information collected

Company may collect and use the following categories of personal information that identify, relate to, describe, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”):

  • Identifiers (e.g., a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, driver’s license number, passport number, or other similar identifiers).
  • Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
  • Internet or other electronic network activity information (e.g., browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement, internet protocol address, device information including operating system and browser information).
  • Geolocation data (e.g. physical location or movements).
  • Sensory data (e.g. audio, electronic, visual, thermal, olfactory, or similar information).
  • Professional or employment-related information from job applicants of ActivEngage.

When expressing an interest in obtaining additional information about the Services or registering to use the Services, ActivEngage requires you to provide the Company with certain specific pieces of personal information, such as first and last name, company name, street address, phone number, and email address (“Required Contact Information”).

  1. Cookies and Other Tracking Technologies

As you navigate the Company’s Sites, ActivEngage may also collect information through the use of commonly-used information-gathering tools, such as cookies and web beacons (“Web Site Navigational Information”).

Web Beacons

Web beacons are electronic images (sometimes called single-pixel gifs) and are used along with cookies to compile aggregated statistics to analyze how Company’s Services are used and may be used in some of Company’s emails to let Company know which emails and links have been opened by recipients. This allows Company to gauge the effectiveness of its customer communications and marketing campaigns. Company uses a third party to gather information about how you and others use Company’s Services. For example, Company will know how many users access a specific page and which links they clicked on. Company uses this aggregated information to understand and optimize how the Services are used.

Cookies

Cookies are small text files of information stored by the Internet browser on your computer’s hard drive. Company may use these cookies to collect browsing data to keep track of your preferences and profile information and to collect general usage and volume statistical information. These cookies do not collect personal or confidential information and are not spyware.

There are a number of different types of cookies, however, the Services use:

  • Essential – These cookies are necessary to the core functionality of Company’s Site and some of its features, such as access to secure areas.
  • Performance and Functionality – These cookies are used to enhance the performance and functionality of Company’s For example, Company may use these cookies so that Company recognizes you on the Site and remember your previously selected preferences. These could include what language you prefer and your geographic location. These cookies are nonessential to the use of Company’s Site, however, without these cookies, certain functionality may become unavailable. A mix of first-party and third-party cookies are used.
  • Analytics and Customization – Company uses these cookies and technologies to analyze how the Site is accessed, used, or performing in order to improve your user experience and to maintain, operate and continually improve the Site. For example, Company uses Google Analytics on the Site to collect: page url/page title and user browser/system information, which includes browser type, referrer, language, java/flash support, IP address, and ad-serving data. For information on how Google Analytics collects and processes data, visit www.google.com/policies/privacy/partners/. To opt-out of Google Analytics, visit Google’s “How you can control the information collected by Google on these sites and apps” article available here.
  • Social Media – These are cookies used to connect Company’s Site to a third-party social media platform. For example, these cookies enable you to share Company’s Site’s content through third-party social networks and other websites. They remember your details after you sign in to a social media account from a website. These cookies may also be used for advertising purposes.
  • Unclassified – These are cookies that have not yet been categorized. Company is in the process of classifying these cookies with the help of their providers.

How to Manage Cookies

You have the right to decide whether to accept or reject certain cookies. You can set your browser not to accept cookies, and the above websites tell you how to remove cookies from your browser. However, in a few cases, some of Company’s Service features may not function as a result. Essential cookies cannot be rejected, as they are strictly necessary to provide you with Company’s Services. If you would like to learn more about the third party advertisers that may be aware of the fact that you visit the Site, and to understand your choices about having such advertisers’ cookies turned off, please visit http://www.aboutads.info/choices/, http://www.youronlinechoices.com/, or http://www.networkadvertising.org/.

  1. Do Not Track

Some web browsers transmit “do-not-track” (DNT) signals. Company does not currently respond to these web browsers’ “do not track” signals.

Company’s third party partners, such as web analytics companies and third party ad networks, may collect information about you and your online activities over time and access Company’s Services or other online properties. These third parties may not change their tracking practices in response to DNT settings in your web browser and Company does not obligate these parties to honor DNT settings.

  1. Promotional Communications

Company may use your personal information to send you updates (by email, text message, telephone or post) about Company’s products and/or Services, including exclusive offers, promotions or new products and/or services.

We have a legitimate interest in processing your personal information for promotional purposes (see below “How and why Company uses your personal information”). This means Company does not usually need your consent to send you promotional communications. However, where consent is needed, Company will ask for this consent separately and clearly.

Company will always treat your personal information with the utmost respect and never sell or share it with other organizations outside the ActivEngage group for marketing purposes.

You have the right to opt out of receiving promotional communications at any time by:

  • Contacting Company by using one of the methods listed in the “Contact Information” Section below; or
  • Using the “unsubscribe” link in emails or “STOP” number in texts.

Company may ask you to confirm or update your marketing preferences if you instruct Company to provide further products and/or services in the future, or if there are changes in the law, regulation, or the structure of Company’s business.

  1. How Your Personal Information is Collected

Company collects most of this personal information directly from you—in person, by telephone, text or email and/or via Company’s Services. However, Company may also collect information:

  • From publicly accessible sources;
  • Directly from a third party (e.g., certified partners for their integrated services, dealerships; automotive trade associations; captive finance companies and wholly-owned subsidiaries of automakers that offer loans, lease programs, and other financial services to Company’s Customers; data brokers & analytics providers such as equity mining, data mining, call tracking, and sales prospecting tools; advertising networks and agencies; job boards & screening companies such as background check companies and services that allow job seekers to submit resumes and apply to Company directly; online lead providers and third party websites that collect and share data relating to Visitors whose product preferences or inquiries align with the offerings of Services; social media networks such as Facebook, Instagram, and other platforms used to run various advertising campaigns; credit reporting agencies, and vehicle manufacturers to sell new motor vehicles);
  • From a third party with your consent (e.g., Customers);
  • From cookies on Company’s Site; and
  • Via Company’s IT systems, including automated monitoring of Company’s Services and other technical systems, such as Company’s computer networks and connections, access control systems, communications systems, and email and instant messaging systems.
  1. How and why Company uses your personal information

Under data protection law, Company can only use your personal information if Company has a proper reason for doing so, e.g.:

  • To comply with Company’s legal and regulatory obligations;
  • For the performance of Company’s contract with you or to take steps at your request before entering into a contract;
  • For Company’s legitimate interests or those of a third party; or
  • Where you have given consent.

A legitimate interest is when Company has a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

The table below explains what Company uses (process) your personal information for and Company’s reasons for doing so:

 

What Company uses your personal information for

Company reasons

To contact you regarding your request for more information or enrollment for sales and the Services.

To plan and host corporate events, host online forums and social networks in which event attendees may participate, and to populate online profiles for Attendees on the Company’s Site.

To provide products and/or services to you.

For the performance of Company’s contract with you or to take steps at your request before entering into a contract.

To prevent and detect fraud against you or ActivEngage.

For Company’s legitimate interests or those of a third party, i.e. to minimize fraud that could be damaging for ActivEngage and for you.

Conducting checks to identify Company’s customers and verify their identity.

Screening for financial and other sanctions or embargoes.

Other processing necessary to comply with professional, legal and regulatory obligations that apply to Company businesses, e.g. under health and safety regulation or rules issued by Company’s professional regulator.

To comply with ActivEngage’s legal and regulatory obligations.

Gathering and providing information required by or relating to audits, inquiries or investigations by regulatory bodies.

To comply with ActivEngage’s legal and regulatory obligations.

Ensuring business policies are adhered to, e.g. policies covering security and internet use.

For ActivEngage’s legitimate interests or those of a third party, i.e. to make sure Company is following its own internal procedures so Company can deliver the best service to you.

Operational reasons, such as improving efficiency, training and quality control.

For ActivEngage’s legitimate interests or those of a third party, i.e. to be as efficient as Company can so it can deliver the best service for you at the best price.

Ensuring the confidentiality of commercially sensitive information.

For ActivEngage’s legitimate interests or those of a third party, i.e. to protect trade secrets and other commercially valuable information.

To comply with ActivEngage’s legal and regulatory obligations.

Statistical analysis to help Company manage its business, e.g. in relation to ActivEngage’s financial performance, customer base, product range or other efficiency measures.

For ActivEngage’s legitimate interests or those of a third party, i.e. to be as efficient as Company can so it can deliver the best service for you at the best price.

Preventing unauthorized access and modifications to systems.

For ActivEngage’s legitimate interests or those of a third party, i.e. to prevent and detect criminal activity that could be damaging for Company and for you.

To comply with ActivEngage’s legal and regulatory obligations.

Updating and enhancing Customer and Attendee records.

For the performance of ActivEngage’s contract with you or to take steps at your request before entering into a contract.

To comply with ActivEngage’s legal and regulatory obligations.

For ActivEngage’s legitimate interests or those of a third party, e.g. making sure that Company can keep in touch with its customers about existing Services and new products or Services.

Ensuring safe working practices, staff administration and assessments.

To comply with ActivEngage’s legal and regulatory obligations.

For ActivEngage’s legitimate interests or those of a third party, e.g. to make sure Company is following its own internal procedures and working efficiently so Company can deliver the best service to you.

Marketing Company Services and those of selected third parties (including its affiliates and its partners) to:

¾     existing and former Customers;

¾     third parties who have previously expressed an interest in Company’s Services;

¾     third parties with whom Company has had no previous dealings.

For ActivEngage’s legitimate interests or those of a third party, i.e. to promote Company’s business to existing and former Customers.

ActivEngage also uses Web Site Navigational Information to operate and improve the Company’s Services. The Company may also use Web Site Navigational Information alone or in combination with data about salesforce.com customers and data about salesforce.com attendees to provide personalized information about the Company.

Company may also anonymize, aggregate or de-identify personal information so the end-product does not identify you or any other individual. For example, Company may use this information to generate norms by industry, geography, level, etc., enable Company to understand where Company Services are being utilized, conduct ongoing validation studies, compile reports, and improve the services. Such aggregated, anonymized or de-identified information is not considered personal information for purposes of this Privacy Statement and Company may use it for any purpose.

  1. Who Company shares your personal information with

ActivEngage does not sell your personal information. Company only shares your personal information as described in this policy. ActivEngage processes your information for the purposes described in this policy, which include “business purposes” under the CCPA.

The information the Company collects from Visitors is not shared with or sold to any third party, unless it is expressly identified with the intent to do so (as with Company certified partners for their integrated services), at the point of submission or Company deems it necessary to share information in response to governmental, regulatory, or legal requirements.

Company routinely shares personal information of Customers and Attendees with:

  • Company affiliates, including companies within the ActivEngage group;
  • Service providers Company uses to help deliver Company products and/or Services to you, such as payment service providers and leads delivery intermediaries;
  • Other third parties Company uses to help Company run its business, such as marketing agencies or website hosts; and
  • Third parties approved by you, including social media sites you choose to link your account to or third-party payment providers.

Company may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with Company’s legal and regulatory obligations.

Company may also need to share some personal information with other parties, such as potential buyers of some or all of Company business or during a re-structuring.

Company will not share your personal information with any other third party without your consent.

  1. How long your personal information will be kept

Company will keep your personal information while you have an account with Company or while Company is providing products and/or services to you. Thereafter, Company will keep your personal information for as long as is necessary:

  • To respond to any questions, complaints or claims made by you or on your behalf;
  • To show that Company treated you fairly; or
  • To keep records required by law.

Company will not retain your personal information for longer than necessary for the purposes set out in this Privacy Statement. Different retention periods apply for different types of personal information. All personal information is deleted or de-identified after 4 months, unless applicable laws require a longer retention period. All metadata (which is not personally identifiable information) is deleted after 2 years.

  1. Children and the Services

Company’s Services are not directed to children, and you may not use the Services if you are under the age of 18. If you are under 18, do not use Company’s Services, access the Site, or provide any information about yourself including, without limitation, your name, address, email address or any screen name or user name you may use. If Company learns that it has collected or received personal information from a child under 13 without verification of parental consent, in compliance with the Children’s Online Privacy Protection Act, Company will purge such information from its database and cancel the corresponding accounts. If you believe Company may has any information from or about a child under 13, please see the “Contact Information” Section below. Please visit the FTC's website at www.ftc.gov for tips on protecting children's privacy online.

  1. Data Security

Company uses reasonable and appropriate physical, technical, and administrative safeguards to protect your personal information from unauthorized use, access, loss, misuse, alteration, or destruction. Company also has procedures in place to deal with any suspected data security breach. Company will notify you and any applicable regulator of a suspected data security breach where Company is legally required to do so.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While Company strives to use commercially acceptable means to protect collected data, Company cannot guarantee its absolute security.

  1. Where Your Personal Information is Held

Information may be held at Company’s offices and those of Company’s third party agencies, service providers, representatives and agents as described above (see above: “Who Company shares your personal information with”).

  1. A Note to Users Outside of the United States

Company is headquartered in the United States and utilizes service providers in the United States. The Services are not intended for individuals outside the United States. If you are a non-U.S. user of the Services, by using the Services, visiting the Site, or providing Company with data, you acknowledge and agree that your personal information may be processed for the purposes identified in this Privacy Statement. If you choose to access Company Services outside the United States, Company and its service providers may transfer your personal information to, or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. In particular, you are advised that the United States of America uses a sectoral model of privacy protection that relies on a mix of legislation, governmental regulation, and self-regulation. Where the laws of your country allow you to do so, by using the Services or by providing your data, you consent and authorize Company to transfer, store, and use all such personal information in the United States of America (and any other country where Company operates), which may not offer an equivalent level of protection to that required in the country where you reside, and to the processing of that personal information by Company on its servers located in the United States of America, as described in this Privacy Statement. If you do not want your personal information transferred to the United States of America and any other country where Company operates, please do not submit any information to Company or use Company’s Services.

  1. Third Party Websites

If, in your interactions with the Services, you are linked or directed to, or click on, a third party website, Company cannot control what information you may provide to that party or on that website, and Company is not responsible for how that party may use or disclose any information you may provide to them. This is not as an endorsement by Company of any third party website, content that may be offered on such third party website, or of any products or services provided by such third party. Company does not control, nor is it responsible for, such third party website, product or service offerings. As such, Company urges you to exercise caution before providing them with your personal information and to review the third party’s privacy policy for information on its data processing practice.

You should contact the site administrator for such third party website if you have any complaints, claims, concerns or questions regarding such third party website or its privacy practices.

  1. Personal Information Company Sold or Disclosed for a Business Purpose.

In the preceding 12 months, Company has not sold for a business purpose to one or more third parties, any categories of personal information.

In the preceding 12 months, Company has disclosed for a business purpose to one or more third parties the following categories of personal information:

  • Identifiers (e.g., a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, driver’s license number, passport number, or other similar identifiers).
  • Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
  • Internet or other electronic network activity information (e.g., browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement, internet protocol address, device information including operating system and browser information).
  • Geolocation data (e.g. physical location or movements).
  • Sensory data (e.g. audio, electronic, visual, thermal, olfactory, or similar information).
  • Professional or employment-related information from job applicants of ActivEngage.
  1. Your Rights Under the CCPA

You may have the right under the California Consumer Privacy Act of 2018 (CCPA), the California Privacy Rights Act of 2020 (CPRA), and certain other privacy and data protection laws, as applicable, to exercise free of charge:

Disclosure of Personal Information Company Collects About You

You have the right to know:

·       The categories of personal information Company has collected about you;

·       The categories of sources from which the personal information is collected;

·       Company business or commercial purpose for collecting or selling personal information;

·       The categories of third parties with whom Company shares personal information, if any; and

·       The specific pieces of personal information Company has collected about you.

Personal Information Sold, Shared, Disclosed, or Used for a Business Purpose

In connection with any personal information Company may sell or disclose to a third party for a business purpose, you have the right to know:

·       The categories of personal information about you that Company sold and the categories of third parties to whom the personal information was sold; and

·       The categories of personal information that Company disclosed about you for a business purpose.

In connection with any personal information Company may sell or disclose to a third party for a business purpose, you have the right to at any time, direct Company not to sell or share your Personal Information.

Company does not sell your personal information.

Right to Limit Use and Disclosure of Sensitive Personal Information.

You have the right to opt-out of the use and disclosure of your sensitive personal information for anything other than supplying requested goods or services.

Company does not collect any sensitive information in connection with Company Services.

Right to Correction

You have the right to request correction of inaccurate personal information maintained by Company about you. Upon receipt of a verifiable request from you, Company will use commercially reasonable efforts to correct the inaccurate personal information.

Right to Deletion

Subject to certain exceptions, on receipt of a verifiable request from you, Company will:

·       Delete your personal information from Company records; and

·       Direct any service providers to delete your personal information from their records.

Protection Against Discrimination

You have the right to not be discriminated against by Company because you exercised any of your rights under the CCPA. This means Company cannot, among other things:

·       Deny goods or services to you;

·       Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;

·       Provide a different level or quality of goods or services to you; or

·       Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

Please note that Company may charge a different price or rate or provide a different level or quality of goods and/or services to you, if that difference is reasonably related to the value provided to Company’s business by your personal information.

  1. How to Exercise Your Rights. If you would like to exercise any of your rights as described in this Privacy Statement, please:
  • Call Company, toll-free, at 888-972-0477; or
  • Contact Company by using one of the methods listed in the “Contact Information” Section below.

Please note that you may only make a CCPA-related data access or data portability disclosure request twice within a 12-month period.

You will need to provide Company with:

  • Enough information to identify you (e.g., your full name, address and customer or matter reference number);
  • Proof of your identity and address (e.g., a copy of your driving license); and
  • A description of what right you want to exercise and the information to which your request relates.

You may use a representative, called an "authorized agent," to submit a request to Company. An authorized agent means a natural person, or a business entity registered with the California Secretary of State, that you have authorized to act on your behalf. In order to protect your privacy, Company requires you to confirm that you have provided the authorized agent permission to submit the request and you must provide the authorized agent with signed permission. "Signed" means that the written attestation, declaration, or permission has either been physically signed or provided electronically pursuant to the Uniform Electronic Transactions Act. An authorized agent that has power of attorney pursuant to California Probate Code section 4121 to 4130 must submit proof of statutory power of attorney, but consumer verification is not required. Company may deny a request from an authorized agent that does not submit proof that they have been authorized to act on your behalf. Requests submitted by an authorized agent will still require verification of the person who is the subject of the request in accordance with the process described above.

Company is not obligated to make a data access or data portability disclosure if it cannot verify that the person making the request is the person about whom Company collected information, or is someone authorized to act on such person’s behalf.

Any personal information Company collects from you to verify your identity in connection with your request will be used solely for the purposes of verification.

  1. Changes to This Privacy Statement.

This Privacy Statement was published on the date “Effective Date” above.

Company may change this Privacy Statement from time to time. Changes to this Privacy Statement will be made by updating this page. Please visit this Privacy Statement regularly to read the current version.

  1. Contact Information. Please contact Company if you have any questions about this Privacy Statement or the information Company holds about you by visiting us on our contact page at: https://www.activengage.com/demo/

Or by email at: ccpa_requests@activengage.com.