This Privacy Notice describes how we collect and use personal data in relation to Immuta SaaS offering.
For a description of our other processing activities see here.
For our cookie notice see here.
This Privacy Notice does not apply to licensee data processed within the licensee environment at its own initiative, as in this situation Immuta is not acting as a data controller, but as a processor.
Personal data we collect and process
We collect and process contact details related to licensee representatives such as names, emails, job titles, home address, phone numbers, signatures, and account information related to licensee authorized users such as names, emails, IP addresses, and other login details.
We may also collect obfuscated usage data to optimize user experience and improve our products and services, such as which role does the user have within the instance, whether he owns data sets, whether he has created projects, whether he has tagged data.
How we collect personal data
Contact details are collected directly from licensee representatives. Account information is collected directly from licensee authorized users.
Usage data is collected by automated means from licensee authorized users through our data analytics providers.
Cookies. We also obtain certain information by automated means, such as cookies, web beacons, web server logs and other technologies. A “cookie” is a text file that websites send to a visitor’s computer or other internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an internet tag, pixel tag or clear GIF, links web pages to web servers and cookies and may be used to transmit information collected through cookies back to a web server.
We may use these automated technologies on the Immuta SaaS offering to collect information about your equipment, browsing actions and usage patterns. These technologies help us (1) remember your information so you do not have to re-enter it; (2) track and understand how you use and interact with our solution; (3) tailor the solution around your preferences; (4) measure the usability of our solution and the effectiveness of our communications; and (5) otherwise manage and enhance our products and services, and help ensure they are working properly.
Your browser may tell you how to be notified about certain types of automated collection technologies and how to restrict or disable them. Please note, however, that without these technologies, you may not be able to use all of the features of our solution. For mobile devices, you can manage how your device and browser share certain device data by adjusting the privacy and security settings on your mobile device.
For more information on our use of cookies and similar technologies, click here to review our cookie notice.
How we use personal data
We use personal data for the following purposes:
- Account registration, administration, billing, and communications with customers
- Perform accounting, and other internal functions such as internal reporting, generating statistics to identify trends and opportunities
- Enhance user experience and Improve our products and services
- License compliance and fraud prevention
- Prepare for and engage in internal and external audits and similar assurance-providing processes and procedures
- Prepare for, engage in, complete, or follow up on (de-)mergers, acquisitions or similar corporate transactions
- Prepare for, and engage in, dispute resolution proceedings, including alternative dispute resolution, mediation or administrative or court proceedings
- Comply with and enforce applicable legal requirements, industry standards and Immuta policies and terms
We may also use personal data in other ways for which we provide specific notice at the time of collection.
To whom we may disclose personal data
We disclose personal data to service providers or authorize them to process the data to pursue one or more of the purposes described in this Privacy Notice. Our service providers include:
- Contract management tool providers,
- Communication tool providers,
- User metrics collection and management tool providers,
- Platform and data analytics tool providers,
- Legal service providers,
- Auditors,
- Advisors and consultants.
We may also disclose personal data to other third parties we engage within the context of mergers and acquisitions, governmental authorities, or debt collection agencies.
How we secure personal data
We maintain physical, technical, and administrative safeguards designed to protect personal data against accidental, unlawful or unauthorized access, destruction, loss, alteration, disclosure or use. Our security procedures mean that we may request proof of identity before we disclose personal data to you.
Location of personal data
Personal data is hosted in the United States. Whenever we transfer personal data subject to international transfer restrictions, we ensure that the information is transferred in accordance with this Privacy Notice and as permitted by applicable data protection laws.
Retention of personal data
We keep personal data for as long as it is required in order to fulfill the relevant purposes described in this Privacy Notice and as may be required by law (including for tax and accounting purposes), or as otherwise communicated to you.
Your rights
Subject to applicable law, you may have the right to:
- ask whether we hold personal data about you and request copies of such personal data and information about how it is processed.
- request that inaccurate, incomplete or outdated personal data is corrected or completed.
- request the deletion of personal data in certain circumstances.
- request to restrict the processing of your personal data in certain circumstances.
- object to the processing of personal data on grounds relating to your particular situation.
- request that we provide a copy of your personal data to you in a structured, commonly used and machine readable format in certain circumstances.
When you consent to our processing your personal data for a specified purpose, you may withdraw your consent at any time, and we will stop any further processing of your data for that purpose. If you wish to exercise any of these rights, please contact us at [email protected]. You can also lodge a complaint with the data protection authority in your country.
Unsubscribing. You can tell us at any time not to send you marketing communications by e-mail by clicking on the unsubscribe link within the marketing emails you receive from us, or by sending an “opt out” request to the address indicated on such email. You may request not to be contacted in connection with any new services, updates, news, or events by contacting us as described below. You may also unsubscribe via our preference center at this link: https://go.immuta.com/manage-email-preferences.
Verifying Requests. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with your deletion or correction request. We may require you to verify your email address or phone number in our records and/or provide any of the following information:
- Contact information (such as name, email, phone number, and address); and
- An indication of your prior contact with Immuta (such as prior contact with customer service, or other contact).
In addition, if you ask us to provide you with specific pieces of personal information, we may require you to sign a declaration under penalty of perjury that you are the individual whose personal information is the subject of the request.
Updates to our Privacy Notice
We may update this Privacy Notice from time to time and without prior notice to you to reflect changes in our personal data practices. We will indicate at the top of the policy when it was most recently updated.
How to Contact Us
You can update your preferences, submit a request or ask us questions about this Privacy Notice or our practices by emailing us at [email protected] or writing to us at:
Immuta, Inc.,
Attn: Mike Scott
886 N. High Street, 3rd Floor
Columbus, OH
43215, USA7878 Di
Additional information for certain jurisdictions
Please see below for additional information applicable to individuals who are located or reside in certain jurisdictions such as the EEA, United Kingdom, and California.
California, US
This California Consumer Privacy Statement supplements the Immuta SaaS Privacy Notice and applies solely to personal information collected about California consumers.
This California Consumer Privacy Statement uses certain terms that have the meaning given to them in the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, and its implementing regulations (collectively, the “CCPA”).
Notice of Collection and Use of Personal Information
We may collect (and may have collected during the 12-month period prior to the Last Updated date of this California Consumer Privacy Statement) the following categories of personal information about you:
- Identifiers such as real name, electronic identifier, job titles, and email address
- Online activity such as Internet and other electronic network activity information, including, but not limited to, page views, clicks and information regarding your interaction with Immuta SaaS website, portals and applications, and customer support tools
- Inferences: inferences drawn from any of the information identified above to create a profile about you reflecting how our services are being used and how your user experience could be optimized.
We may use (and may have used during the 12-month period prior to the Last Updated date of this California Consumer Privacy Statement) your personal information for the purposes described above in the section titled “How we use personal data.”
We do not collect or process sensitive personal information and do not require such information for our Services for purposes of inferring characteristics about consumers. Do not provide us sensitive personal information.
To the extent we process deidentified information, we will maintain and use the information in deidentified form and will not attempt to reidentify the information unless permitted by applicable law.
Sources of Personal Information
During the 12-month period prior to the Last Updated date of this California Consumer Privacy Statement, we may have obtained personal information about you from the following categories of sources:
- Directly from you, such as when you contact us
- Your devices, such as when you visit our website
- Our affiliates
- Service providers, contractors and other vendors who provide services on our behalf, as set forth above
Sale or Sharing of Personal Information
We do not sell or share your personal information in this context. For more information about marketing activities see our main privacy notice.
Disclosure of Personal Information
During the 12-month period prior to the Last Updated date of this California Consumer Privacy Statement, we may have disclosed the following categories of personal information about you for a business purpose to the following categories of third parties:
| Category of Personal Information | Categories of Third Parties |
|---|---|
| Identifiers |
|
| Online Activity |
|
| Inferences |
|
In addition to the categories of third parties identified above, during the 12-month period prior to the Last Updated date of this California Consumer Privacy Statement, we may have disclosed personal information about you to government entities and third parties in connection with corporate transactions, such as mergers, acquisitions or divestitures.
Your California Privacy Rights
As a resident of California, you have certain rights under the CCPA, namely:
- Right to Access/ Know – You have the right to request any or all the following information relating to your personal information that we have collected and disclosed in the last 12 months, upon verification of your identity:
- The specific pieces of personal information we have collected about you.
- The categories of personal information we have collected about you.
- The categories of sources of the personal information.
- The categories of personal information that we have disclosed to third parties for a business purpose, and the categories of recipients to whom this information was disclosed.
- The categories of personal information we have sold or shared about you (if any), and the categories of third parties to whom the information was sold or shared; and,
- The business or commercial purposes for collecting the personal information.
- We do not “sell” personal information as that term is defined in the CCPA.
- Right to request correction – You have the right to request that we correct the personal information we maintain about you, if that information is inaccurate.
- Right to request deletion – You have the right to request the deletion of personal information that we have collected from you, subject to certain exceptions.
- The Right to Opt Out of Sharing – You have the right to opt out of the sharing of your personal information for cross-context behavioral advertising purposes. However, please note that if the exercise of these rights limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you our products and services or engage with you in the same manner.
- The Right to Non-Discrimination and Non-Retaliation – You have the right not to receive discriminatory or retaliatory treatment for exercising these rights.
- The Right to Limit use of Sensitive Personal Information – You have the right to limit our use of your sensitive personal information (as defined in the CCPA). As discussed above, we do not require and do not wish to receive your sensitive personal information. Do not provide us with any sensitive personal information. If you think we have processed your sensitive personal information, please contact us.
- “Shine the Light” – California residents that have an established business relationship with us have rights to know how their information is disclosed to third parties for their direct marketing purposes under California’s “Shine the Light” law (Civ. Code §1798.83).
Exercising your rights
If you wish to exercise your California privacy rights, please click here to fill in the form.
You could also contact us at [email protected]. Please specify in your email which right(s) you are seeking to exercise.
To submit a request as an authorized agent on behalf of a consumer, please submit a signed authorization form from the consumer.
Verifying Requests. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with your deletion or correction request. If you have an account with us, we may verify your identity by requiring you to sign in to your account. If you do not have an account with us and you request access to, correction of or deletion of your personal information, we may require you to verify your email address or phone number in our records and/or provide any of the following information:
- Contact information (such as name, email, phone number, and address); and
- An indication of your prior contact with Immuta (such as prior contact with customer service, or other contact).
In addition, if you ask us to provide you with specific pieces of personal information, we may require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.
To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.
European Economic Area (EEA) and the United Kingdom (UK)
Identity of the controller
Immuta, Inc., with offices at 25 Thomson Place, 4th Floor, Boston, MA 02210, USA is responsible for the processing of your personal data as described in this Privacy Notice.
Legal bases
We process your personal data on one or more of the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Account registration, administration, billing, and communications with customers. | As necessary to enter into a contract or to perform our contractual obligations. |
| Perform accounting, and other internal functions such as internal reporting, generating statistics to identify trends and opportunities. | To understand our business context and environment as well as the markets in which we operate. (Legitimate interests) |
| Enhance user experience and improving our products and services. | Being able to improve our products and services. (Legitimate interests) |
| License compliance and fraud prevention. | To keep our customers, suppliers and products and services safe and secure. (Legitimate interests) |
| Prepare for and engage in internal and external audits and similar assurance-providing processes and procedures. | To be able to verify the compliance of our internal processes and procedures and obtain an adequate level of assurance. (Legitimate interests) |
| Prepare for, engage in, complete, or follow up on (de-)mergers, acquisitions or similar corporate transactions. | To be able to engage in corporate transactions. (Legitimate interests) |
| Prepare for, and engage in, dispute resolution proceedings, including alternative dispute resolution, mediation or administrative or court proceedings. | To be able to defend ourselves and our interests. (Legitimate interests) |
| Comply with and enforce applicable legal requirements, industry standards and Immuta policies and terms. | As necessary to comply with relevant law and legal obligations, including to respond to lawful requests and orders. (Legal obligation) To be able to implement industry standards. (legitimate interests) |
In accordance with applicable law, we take reasonable measures to ensure that the interests we pursue are balanced with your interests, rights and freedoms, which we are happy to explain upon request.
Your Rights
Subject to applicable law, you have the right to:
- ask whether we hold personal data about you and request copies of such personal data and information about how it is processed.
- request that inaccurate, incomplete or outdated personal data is corrected or updated.
- request the deletion of personal data in certain circumstances.
- request to restrict the processing of your personal data in certain circumstances.
- object to the processing of personal data on grounds relating to your particular situation.
- request that we provide a copy of your personal data to you in a structured, commonly used and machine readable format in certain circumstances.
When you consent to our processing your personal data for a specified purpose, you may withdraw your consent at any time, and we will stop any further processing of your data for that purpose. If you wish to exercise any of these rights, please contact us at [email protected]. You can also lodge a complaint with the data protection authority in your country.
You can contact our Data Protection Officer (DPO) at [email protected].
Individuals and the data protection supervisory authorities in the EU may also contact our EU representative according to Art. 27 GDPR:
bpc GmbH, Attn: Immuta, Inc., Einigkeitstrasse 9, 45133 Essen, Germany; email: [email protected]
www.b-p-c.eu
International transfers
We transfer personal data from the EEA and the UK to the United States by entering into the European Commission’s EU Standard Contractual Clauses and the UK Transfer Addendum (if appropriate) or on the basis of either a derogation when the transfer is necessary for the conclusion or performance of a contract, for the implementation of pre-contractual measures taken at your request, or upon your explicit consent, depending upon the categories of personal data and the purpose of the processing at stake. To obtain a copy of the safeguards we have put in place, please contact us as indicated below.
Alternatively, we ensure that the data recipient is located in a country that has been the subject of an adequacy decision.