Privacy Policy

1. Introduction

CertifiaWeb Operating Company, LLC ("CertifiaWeb", "we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, process, disclose, and safeguard your information when you visit our website, use our services, or interact with us.

This Privacy Policy applies to all users of CertifiaWeb's services, including visitors to our website, registered users, customers, and anyone who interacts with our platform, applications, APIs, or services (collectively, the "Service").

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you provide directly to us when you:

• Create an Account: Name, email address, phone number, company name, job title, and password
• Use Our Services: Business information, compliance data, certification documents, audit reports, and other information you upload or submit
• Contact Us: Information you provide when contacting our support team, including name, email, phone number, and message content
• Make a Purchase: Billing information, payment details, transaction history, and invoice information
• Subscribe to Communications: Email address and preferences for receiving marketing communications
• Participate in Surveys or Promotions: Responses to surveys, feedback, and information provided for promotions

2.2 Information We Collect Automatically

When you use our Service, we automatically collect certain information about your device and usage patterns:

• Device Information: IP address, browser type and version, operating system, device identifiers, and mobile network information
• Usage Information: Pages visited, time spent on pages, clickstream data, search queries, and navigation patterns
• Log Information: Access times, dates, and duration of sessions, error logs, and system activity
• Location Information: General location data based on IP address or device settings (with your consent)
• Cookies and Tracking Technologies: Information collected through cookies, web beacons, pixel tags, and similar technologies

2.3 Information from Third Parties

We may receive information about you from third parties, including:

• Payment Processors: Transaction information and payment status
• Authentication Services: Information from social media or single sign-on providers if you choose to authenticate through them
• Business Partners: Information from partners who refer you to our services
• Public Sources: Information from publicly available sources, such as business directories or public records

3. How We Use Your Information

We use the information we collect for various purposes, including:

3.1 Service Provision

• Create and manage your account
• Provide, maintain, and improve our services
• Process transactions and send related information
• Deliver compliance and certification services
• Generate reports and documentation
• Respond to your inquiries and provide customer support

3.2 Communication

• Send you service-related communications, including updates, security alerts, and administrative messages
• Respond to your comments, questions, and requests
• Send you marketing communications (with your consent, where required)
• Notify you about changes to our services or policies

3.3 Business Operations

• Analyze usage patterns and trends to improve our services
• Conduct research and analytics
• Detect, prevent, and address technical issues and security threats
• Enforce our Terms of Use and other policies
• Comply with legal obligations and protect our rights

3.4 Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

• Consent: When you have given clear consent for us to process your personal data for specific purposes
• Contract Performance: To perform a contract with you or to take steps at your request before entering into a contract
• Legal Obligation: To comply with legal obligations we are subject to
• Legitimate Interests: For our legitimate business interests, such as improving our services, marketing, and fraud prevention

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We may share your information with third-party service providers who perform services on our behalf, including:

• Payment processing and billing services
• Cloud hosting and infrastructure providers
• Email and communication services
• Analytics and data processing services
• Customer support and helpdesk services
• Security and fraud prevention services

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2 Business Transfers

If CertifiaWeb is involved in a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). We may also disclose information to:

• Comply with legal processes, such as subpoenas, court orders, or search warrants
• Enforce our Terms of Use and other agreements
• Protect the rights, property, or safety of CertifiaWeb, our users, or others
• Investigate fraud, security issues, or other violations

4.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

4.5 Aggregated or De-identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you for research, analytics, or other business purposes.

5. Data Security

We implement industry-standard security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: We use SSL/TLS encryption to protect data in transit and encryption at rest for stored data
• Access Controls: We limit access to personal information to employees, contractors, and agents who need to know that information to process it for us
• Security Monitoring: We continuously monitor our systems for security threats and vulnerabilities
• Regular Audits: We conduct regular security audits and assessments
• Incident Response: We have procedures in place to respond to security incidents
• Compliance Standards: We maintain compliance with industry standards such as ISO 27001, SOC 2, and PCI DSS

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Factors we consider when determining retention periods include:

• The nature and sensitivity of the information
• The purposes for which we collected the information
• Legal and regulatory requirements
• The potential risk of harm from unauthorized use or disclosure
• Whether we can achieve the purposes through other means

When we no longer need your personal information, we will securely delete or anonymize it, except where we are required to retain it for legal or regulatory purposes.

7. Your Rights and Choices

7.1 Access and Correction

You have the right to access, update, and correct your personal information. You can do this by:

• Logging into your account and updating your profile information
• Contacting us through our support system
• Emailing us at privacy@certifiaweb.com

7.2 Data Portability

You have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format. You may also request that we transfer your data to another service provider where technically feasible.

7.3 Deletion

You have the right to request deletion of your personal information, subject to certain exceptions, such as when we need to retain information for legal compliance or to complete a transaction.

7.4 Objection and Restriction

You have the right to object to processing of your personal information or request that we restrict processing in certain circumstances.

7.5 Withdraw Consent

Where we rely on your consent to process your personal information, you have the right to withdraw your consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

7.6 Marketing Communications

You can opt out of receiving marketing communications from us by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your communication preferences in your account settings
• Contacting us at privacy@certifiaweb.com

Note that you may still receive service-related communications even if you opt out of marketing communications.

7.7 Cookies and Tracking Technologies

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our Service. For more information, see our Cookie Policy.

8. International Data Transfers

CertifiaWeb is based in the United States. If you are located outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

These countries may have data protection laws that differ from those in your country. When we transfer your personal information across borders, we take steps to ensure that your information receives adequate protection, including:

• Using Standard Contractual Clauses approved by the European Commission
• Relying on adequacy decisions by relevant data protection authorities
• Implementing appropriate safeguards as required by applicable law

By using our Service, you consent to the transfer of your information to the United States and other countries as described in this Privacy Policy.

9. Children's Privacy

Our Service is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately.

If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to delete that information from our servers.

10. California Privacy Rights (CCPA)

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You have the right to request information about the categories and specific pieces of personal information we collect, use, disclose, and sell
• Right to Delete: You have the right to request deletion of your personal information
• Right to Opt-Out: You have the right to opt out of the sale of your personal information (we do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise your CCPA rights, please contact us at privacy@certifiaweb.com or through our support system.

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have certain rights under the General Data Protection Regulation (GDPR):

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

To exercise your GDPR rights, please contact us at privacy@certifiaweb.com. We will respond to your request within one month, though we may extend this period in certain circumstances.

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with your local data protection authority.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and use information about you. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

Types of cookies we use:

• Essential Cookies: Required for the Service to function properly
• Analytics Cookies: Help us understand how visitors interact with our Service
• Functional Cookies: Remember your preferences and settings
• Advertising Cookies: Used to deliver relevant advertisements (with your consent)

13. Third-Party Links

Our Service may contain links to third-party websites, services, or applications that are not owned or controlled by CertifiaWeb. This Privacy Policy does not apply to such third-party services. We encourage you to review the privacy policies of any third-party services you visit.

We are not responsible for the privacy practices or content of third-party websites, services, or applications.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated Privacy Policy on this page
• Updating the "Effective Date" at the top of this Privacy Policy
• Sending you an email notification (for significant changes)
• Displaying a prominent notice on our Service

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this Privacy Policy periodically.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

CertifiaWeb Operating Company, LLC
Privacy Officer
455 Market Street, Suite 1250
San Francisco, CA 94105
United States
Phone: +1 (415) 555-0198
Email: privacy@certifiaweb.com

For GDPR-related inquiries, you can also contact our Data Protection Officer at dpo@certifiaweb.com.

16. Acknowledgment

BY USING OUR SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND AGREE TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR INFORMATION AS DESCRIBED HEREIN.