Privacy Policy
Last Modified February 12, 2020

Triblio Privacy Policy (“Privacy Policy”)

We at Triblio (Triblio, Inc.) are committed to protecting your privacy. This Privacy Policy applies to the information and data collected by Triblio where it may be considered to be a “Controller”, including the information collected on our “Websites” (including www.triblio.com) or through other channels as described below. It also describes your choices regarding use, access, and correction of your personal information. If you do not agree with the data practices described in this Privacy Policy, you should not use the Websites.

This Privacy Policy does not apply to the data Triblio processes on behalf of our customers (“Customer Data”) in our capacity as a processor. Your use of the Triblio Subscription Service (the “Subscription Service”) as a customer of Triblio, is covered under the Terms and Conditions between the Customer and Triblio.

Important Information

We may periodically update this Privacy Policy. We will post any privacy policy changes on this page. You should check this page occasionally to review any changes. While we will notify you of any material changes to this Privacy Policy prior to the changes becoming effective, we encourage you to review this Privacy Policy periodically. We will also keep prior versions of this Privacy Policy in an archive for your review. Your continued use of the Websites and/or continued provision of Personal Information to us will be subject to the terms of the then-current Privacy Policy.

If you have any questions about this Privacy Policy or our treatment of the information you provide us, please write to us by email at [email protected]

  1. Information We Collect
  2. How We Use Information We Collect
  3. How We Share Information We Collect
  4. International Transfer of Information
  5. How to Access & Control Your Personal Data
  6. CCPA Notice

1. Information We Collect

When You Visit our Websites

You are free to explore the Websites without providing any Personal Information about yourself. When you visit the Websites, we may request that you provide Personal Information about yourself. We also collect Navigational Information, which means navigation patterns of a given visitor on a Website. Navigational Information includes being able to identify the content that a particular visitor may interact with while on the Website. We may collect and store information locally on your device using mechanisms such as browser web storage and application data caches. We do not ask for any Sensitive Information.

When you visit the Websites, we use various technologies to collect and store information, and this may include using “cookies” or similar technologies to identify your browser or device. A cookie is a text file that is placed on your hard disk by a Web server. Cookies are uniquely assigned to you, and can only be read by a Web server in the domain that issued the cookie to you.

Triblio’s Use of the Subscription Service

We use our own Subscription Service to personalize content experience on our Websites for visitors from specified organizations or groups of organizations. To do so, Triblio will identify a visitor from a specific organization by matching IP address information of the visitor to the organization. Triblio may also use a “cookie” to link the visitor to the specific organization in visits. This information, which is stored and managed on our service providers’ servers, is then used so that visitors may be served content that is relevant to them.

Customers Use of the Subscription Service

We collect information about the Subscription Services that you use and how you use them. This information includes but not limited to:

  • IP Address information. We may collect and process IP address in the use of the Subscription Service. When a visitor visits a website using the Subscription Service, the IP address of the visitor may be captured and processed to identify the organization that the visitor is coming from and to personalize the website content to be relevant to the visitor.
  • Navigational information. We may record the navigation patterns of a given visitor on a website that uses the Subscription Service. This includes being able to identify the content that a particular visitor may interact with while on the website.
  • Local storage. We may collect and store information locally on your device using mechanisms such as browser web storage and application data caches.
  • Cookies and similar technologies. We use various technologies to collect and store information when you visit a website that uses the Subscription Service, and this may include using “cookies” or similar technologies to identify your browser or device. A cookie is a text file that is placed on your hard disk by a Web server. Cookies are uniquely assigned to you, and can only be read by a Web server in the domain that issued the cookie to you.

“Personal Information”

This refers to any information that you voluntarily submit to us and that identifies you personally, including contact information, such as your name, e-mail address, company name, address, phone number, and other information about yourself or your business.

Personal Information includes Navigational Information where such information can directly or indirectly identify an individual. Navigational information refers to information about your computer and your visits to the Websites such as your IP address, geographical location, browser type, referral source, length of visit and pages viewed. Please see the “Use of Navigation Information” section below.

“Sensitive Information”

Refers to credit or debit card numbers, personal financial account information, Social Security numbers, passport or visa numbers, driver’s license numbers or similar personal identifiers, racial or ethnic origin, physical or mental health condition or information, birth dates, or other employment, financial or health information.

Log Files

When you view content provided by us, we automatically collect information about your computer hardware and software. This information can include your IP address, browser type, domain names, internet service provider (ISP), the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, clickstream data, access times and referring website addresses. This information is used by Triblio to provide general statistics regarding use of the Websites. For these purposes, we do link this automatically-collected data to Personal Information such as name, email address, address, and phone number.

Information we collect from third parties

From time to time, we may receive Personal Information about you from third party sources including partners with which we engage in joint marketing activities.

Information About Children

The Websites are not intended for or targeted at children under 16, and we do not knowingly or intentionally collect information about children under 16. If you believe that we have collected information about a child under 16, please contact us at [email protected], so that we may delete the information.

2. How We Use Information We Collect

Compliance with this Privacy Policy

We use the information we collect only in compliance with this Privacy Policy.

We will never sell your Personal Information

We will never sell your Personal Information to any third party.

Use of Personal Information

In addition to the uses described elsewhere in this Privacy Policy, we may use the Personal Information we collect to:
(a) improve your browsing experience by personalizing the Websites and to improve the Subscription Service;
(b) send information to you which we think may be of interest to you by post, email, or other means;
(c) send you marketing communications relating to our business or the businesses of carefully-selected third parties which we think may be of interest to you (however, in those cases, we do not transfer your Personal Information to the third party);
(d) send information to you regarding changes to our Privacy Policy, or other legal agreements; and
(e) meet legal requirements.

Legal basis for processing Personal Information (EEA visitors only)

If you are a visitor located in the European Economic Area (“EEA”), Triblio’s legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it. However, we will normally collect Personal Information from you only where we have your consent to do so, where we need the Personal Information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Information from you.

If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as of the possible consequences if you do not provide your Personal Information). Similarly, if we collect and use your Personal Information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.

Security of your Personal Information

We use a variety of security technologies and procedures to protect and secure the Personal Information we collect from unauthorized access, use, and disclosure. All Personal Information is protected using appropriate physical, technical and organizational measures. Data-at-rest is encrypted with 256bit encryption. Transmitted data is protected by Secure Sockets Layer (SSL) protocol.

If you have any questions about the security of information, you can contact us at [email protected]

Retention of Personal Information

How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible, then we will securely store your information and isolate it from any further use until deletion is possible.

We retain Personal Information that you provide to us where we have an ongoing legitimate business need to do so (for example, as needed to comply with our legal obligations, resolve disputes and enforce our agreements).

When we have no ongoing legitimate business need to process your Personal Information, we securely delete the information or anonymize it or, if this is not possible, securely store your Personal Information and isolate it from any further processing until deletion is possible. We will delete this information at an earlier date if you so request, as described in the “How to Access & Control Your Personal Data” below.

If you have elected to receive marketing communications from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our content, products, or services, such as when you last opened an email from us. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.

If you provide Personal Information to our Customers as part of their use of the Subscription Service, that Personal Information is retained according to the relevant agreements with our customers.

3. How We Share Information We Collect

Service Providers

We employ other companies and people to provide services to visitors to our Websites and our customers and users of the Subscription Service and may need to share your information with them to provide information, products or services to you. Examples may include analyzing data or performing statistical analysis, providing marketing assistance, supplementing the information you provide us in order to provide you with better service, and providing customer service or support. In all cases where we share your information with such agents, we explicitly require the agent to acknowledge and adhere to our privacy and customer data handling policies.

Corporate Events

If we (or our assets) are acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information gathered by Triblio on the Websites and the Subscription Service.

Compelled Disclosure

We reserve the right to use or disclose the Personal Information we collect if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.

4. International Transfer of Information

Privacy Shield Notice

Triblio complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union to the United States. Triblio has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

We are responsible for the processing of personal data we receive under the Privacy Shield Framework and subsequent transfer to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

You may direct any inquiries or complaints related to our Privacy Shield compliance to [email protected] If you have an unresolved privacy or personal data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions that are more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

International transfers to third parties

Some of the third parties described in this privacy policy, which provide services to us under contract, may be based in other countries that may not have equivalent privacy and data protection laws to the country in which you reside. When we share information of customers in the European Economic Area, we make use of the EU-U.S. and Privacy Shield Frameworks, European Commission-approved standard contractual data protection clauses, binding corporate rules for transfers to data processors, or other appropriate legal mechanisms to safeguard the transfer. Please see our Privacy Shield Notice above.

5. How to Access & Control Your Personal Data

Reviewing, Correcting and Removing Your Personal Information

You have the following data protection rights:

You can request access, correction, updates or deletion of your personal information.

You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information.

If we have collected and process your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

You have the right to complain to a data protection authority about our collection and use of your personal information. Contact details for data protection authorities in the EEA and certain non-European countries (including the US and Canada) are available here.)

To exercise any of these rights, please contact us at [email protected] or by mail to mail to Triblio, Inc., 11600 Sunrise Valley Drive #100, Reston, VA, 20191, USA, Attention: Privacy. We will respond to your request to change, correct, or delete your information within a reasonable timeframe and notify you of the action we have taken.

Opting Out and Unsubscribing

You may unsubscribe from our marketing communications by clicking on the “unsubscribe” link located on the bottom of our e-mails, or by sending us email us at [email protected], or by sending us postal mail to Triblio, Inc., 11600 Sunrise Valley Drive #100, Reston, VA, 20191, USA, Attention: Privacy. Customers cannot opt out of receiving transactional emails related to their account with us or the Subscription Service.

To Unsubscribe from Our Customers’ Communications

Our Customers are solely responsible for their own marketing emails and other communications; we cannot unsubscribe you from their communications. You can unsubscribe from our Customers’ marketing communications by clicking on the “unsubscribe” link located on the bottom of their emails, or by contacting them directly.

6. CCPA Notice.

Information on how we handle personal data for California residents is available here.

GDPR
Last Modified February 12, 2020

DATA PROCESSING ADDENDUM – GDPR

1. DEFINITIONS AND INTERPRETATION

1.1 In this Addendum, the following terms shall have the meanings set out in this clause 1.1, unless expressly stated otherwise:

    “Addendum” means this data processing addendum;

    “Adequate Country” means a country or territory outside the EU/EEA that is recognised for the purposes of the Data Protection Laws (including by virtue of a decision of the European Commission) as providing an adequate level of protection for Personal Data;

    “Agreement” means the Subscription Agreement between the parties;

    “Customer Personal Data” means any Personal Data Processed by TRIBLIO on behalf of Customer pursuant to or in connection with the Agreement;

    “Data Protection Laws” means, until 24 May 2018, EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and, with effect from 25 May 2018, the GDPR;

    “Data Subject Request” means the exercise of rights by Data Subjects of Customer Personal Data under Chapter III of the GDPR;

    “Triblio Services” means the Subscription services provided pursuant to the Agreement;

    “GDPR” means the EU General Data Protection Regulation 2016/679 and to the extent the GDPR is no longer applicable in the United Kingdom, any implementing legislation or legislation having equivalent effect in the United Kingdom;

    “Personnel” means employee, agent, consultant or contractor;

    “Third Country” means a country or territory outside the EU/EEA that is not an Adequate Country;

    “Transfer” means a transfer of Customer Personal Data to a Third Country that falls within the scope of Chapter V of the GDPR (including, where applicable, any ‘onwards transfers’ from that Third Country);

    “Sub-processor” means any third party appointed by or on behalf of TRIBLIO to Process Customer Personal Data; and

1.2 In this Addendum:

    (a) the terms, “Data Controller”, “Data Processor”, “Data Subject”, “Personal Data”, “Personal Data Breach”, “Process/Processing/Processed” and “Supervisory Authority” shall have the meaning ascribed to the corresponding terms in the Data Protection Laws.

    (b) unless otherwise defined herein, all capitalised terms shall have the meaning given to them in the Agreement;

    (c) references to this Addendum include its Schedules;

    (d) references to clauses and/or Schedules are to clauses of, and Schedules to, this Addendum;

    (e) references to “laws” shall mean (a) any statute, regulation, by-law, or subordinate legislation; (b) the common law and the law of equity; (c) any binding court order, judgment or decree; or (d) any industry code, policy or standard enforceable by law; and

    (f) any English legal term for any legal document, action, remedy, judicial proceeding, court, official, status, doctrine or any other legal concept shall, in relation to any jurisdiction other than England and Wales, be deemed to include the term which most nearly approximates in that jurisdiction to the English legal term.

1.3 This Addendum shall be incorporated into and form part of the Agreement and is subject to the limitations set forth therein. In the event of any conflict or inconsistency between this Addendum and the main body of the Agreement, this Addendum shall prevail.

2. PROCESSING OF CUSTOMER PERSONAL DATA

2.1 TRIBLIO shall:

    (a) comply with all applicable Data Protection Laws in Processing Customer Personal Data; and

    (b) not Process Customer Personal Data other than (i) on Customer’s instructions (subject always to clause 2.7) and (ii) as required by applicable laws.

2.2 To the extent permitted by applicable laws, TRIBLIO shall inform Customer of:

    (a) any Processing to be carried out under clause 2.1(b)(ii); and

    (b) the relevant legal requirements that require it to carry out such Processing,

before the relevant Processing of that Customer Personal Data by TRIBLIO.

2.3 Customer instructs TRIBLIO to Process Customer Personal Data as necessary (i) to provide the TRIBLIO Services to Customer (including, without limitation, to improve and update the TRIBLIO Services and to carry out Processing initiated by Users (as defined in the Agreement) in their use of the TRIBLIO Services) and (ii) to perform TRIBLIO’s obligations and exercise TRIBLIO’s rights under the Agreement.

2.4 Schedule 1 to this Addendum sets out certain information regarding TRIBLIO’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR.

2.5 Customer may amend Schedule 1 on written notice to TRIBLIO from time to time as Customer reasonably considers necessary to meet any applicable requirements of Data Protection Laws. Nothing in Schedule 1 (including as amended pursuant to this clause 2.5) confers any right or imposes any obligation on any party to this Addendum.

2.6 Where TRIBLIO receives an instruction from Customer that, in its reasonable opinion, infringes or violates the GDPR, TRIBLIO shall inform Customer.

2.7 Customer acknowledges and agrees that any instructions issued by Customer with regards to the Processing by TRIBLIO of Customer Personal Data pursuant to or in connection with the Agreement shall (i) be strictly required for the sole purpose of ensuring compliance with Data Protection Laws, and (ii) not relate to the scope of, or otherwise materially change the TRIBLIO Services. Notwithstanding anything to the contrary herein, TRIBLIO may terminate the Agreement in its entirety upon written notice to Customer with immediate effect if TRIBLIO considers (in its absolute discretion) that (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities, and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise).

2.8 Customer represents and warrants on an ongoing basis that, (i) for the purposes of Article 6 of the GDPR, there is, and will be throughout the term of the Agreement, a legal basis for the Processing by TRIBLIO of Customer Personal Data in accordance with this Addendum and the Agreement (including, without limitation, any and all instructions issued by Customer from time to time in respect of such Processing); and (ii) it shall not provide or otherwise make available to TRIBLIO any special categories of Personal Data (as the term ‘special categories’ is defined in Article 9(1) of the GDPR) or any Personal Data relating to criminal convictions and/or offences (as those terms are defined in Article 10 of the GDPR).

3. TRIBLIO PERSONNEL

3.1 TRIBLIO shall take reasonable steps to ensure the reliability of any Personnel who may Process Customer Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know or access the relevant Customer Personal Data for the purposes described in this Addendum, and to comply with applicable laws, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.

4. SECURITY

4.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, TRIBLIO shall in relation to the Customer Personal Data implement appropriate technical and organisational measures, as described in further detail in the Security Schedule, to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.

4.2 In assessing the appropriate level of security, TRIBLIO shall take into account the risks presented by Processing, in particular from a Personal Data Breach.

5. SUBPROCESSING

5.1 Customer authorises TRIBLIO to appoint sub-processors in accordance with this clause 5 provided that TRIBLIO provides written notice of such sub-processors to Customer and ensures that all such sub-processors comply with the requirements of this Addendum. TRIBLIO will comply with the conditions referred to Article 28 of GDPR for engaging sub-processors and will inform the Customer of any intended changes (taking place after conclusion of the Agreement) concerning the sub-processors giving the Customer opportunity to object to such changes. Customer acknowledges that such objection may limit the Customer’s possibilities to use services provided by TRIBLIO.

5.2 TRIBLIO is responsible that its sub-processors Process the Personal Data in accordance with this Addendum. TRIBLIO must especially ensure that each sub-processor implements all the appropriate technical and organisational measures compliant with the Controls so that the Personal Data are Processed in accordance with this Addendum and the Data Protection Legislation.

5.3 TRIBLIO will, at Customer’s written request, provide Customer with a written confirmation on how TRIBLIO has ensured that its sub-processors comply with the aforementioned obligations.

6. DATA SUBJECT RIGHTS

6.1 Taking into account the nature of the Processing, TRIBLIO shall, at Customer’s cost, provide Customer with such assistance as may be reasonably necessary and technically possible in the circumstances, to assist Customer in fulfilling its obligation to respond to Data Subject Requests.

6.2 TRIBLIO shall:

    (a)promptly notify Customer if TRIBLIO receives a Data Subject Request; and

    (b) ensure that TRIBLIO does not respond to any Data Subject Request except on the documented instructions of Customer (and in such circumstances, at Customer’s cost) or as required by applicable laws, in which case TRIBLIO shall to the extent permitted by applicable laws inform Customer of that legal requirement before TRIBLIO responds to the Data Subject Request.

7. PERSONAL DATA BREACH

7.1 TRIBLIO shall notify Customer without undue delay upon TRIBLIO becoming aware of a Personal Data Breach affecting Customer Personal Data, providing Customer with sufficient information (insofar as such information is within TRIBLIO’s possession) to allow Customer to meet any obligations to report or inform Data Subjects or Supervisory Authorities of the Personal Data Breach under Data Protection Laws.

7.2 TRIBLIO shall co-operate with Customer and take such reasonable commercial steps as may be directed by Customer to assist in the investigation, mitigation and remediation of each such Personal Data Breach.

8. DATA PROTECTION IMPACT ASSESSMENT AND PRIOR CONSULTATION

8.1 TRIBLIO shall provide reasonable assistance to Customer, at Customer’s cost, with any data protection impact assessments, and prior consultations with Supervisory Authorities, which Customer reasonably considers to be required of Customer by Article 35 or 36 of the GDPR, in each case solely in relation to Processing of Customer Personal Data by, and taking into account the nature of the Processing by, and information available to, TRIBLIO.

9. DELETION AND RETURN OF CUSTOMER PERSONAL DATA

9.1 TRIBLIO will Process Personal Data as long as it is necessary for TRIBLIO in order to provide Services to the Customer under the Agreement. TRIBLIO undertakes, in accordance with Customer’s written request and without undue delay, to delete or return the Personal Data to Customer (or to a third party appointed by Customer) in agreed format.

9.2 TRIBLIO will return or delete the Personal Data upon termination of this Addendum, including all existing copies of the Personal Data in its possession, unless TRIBLIO is required to store the said Personal Data under mandatory law or regulation.

9.3 TRIBLIO undertakes not to Process Personal Data after it has been successfully transferred to Customer or a third party appointed by Customer, or after it has been successfully removed. TRIBLIO may however continue to store and access Personal Data as provided by Section 9.2 above.

10. AUDIT RIGHTS

10.1 TRIBLIO will provide Customer with all information reasonably requested by the Customer to demonstrate TRIBLIO’s compliance with the requirements of this Addendum (including implementation of the Controls).

10.2 During the term of this Addendum, Customer or an independent third-party auditor appointed by Customer will have the right to audit TRIBLIO’s compliance with the obligations under this Addendum (including any implementation of the Controls).

10.3 The third-party auditor used by the Customer must have the necessary skills and qualifications required to carry out such audit, must be bound by appropriate confidentiality obligations and may not be TRIBLIO’s competitor. The report of the auditor must be shared with both Parties.

10.4 Customer must notify TRIBLIO of the audit at least 14 days in advance. TRIBLIO will always allow the regulatory authority supervising Customer’s business to conduct audits targeted at Customer’s obligations as data controller. The relevant parts of this Section 11 will be applied to such audits.

10.5 The subject of the audit will be TRIBLIO’s documentation related to information security and the Processing of Personal Data and other information necessary to evaluate TRIBLIO’s compliance with this Addendum. TRIBLIO will participate in and contribute to the audit to the extent necessary. TRIBLIO will also, on Customer’s request, participate in a supervisory authority’s audit targeted at Customer and provide the supervisory authority with the required information to conduct such audit. Both the Customer and TRIBLIO agree to cooperate, on request, with the supervisory authority in the performance of its tasks.

10.6 Each Party will bear its own costs resulting from the audit and Customer will bear the costs for the use of third-party auditor.

11. TRANSFERS

11.1 TRIBLIO and its sub-processors may transfer or process personal data outside the EU/EEA area for the purpose of providing services to the Customer. When such transfer or processing takes place, TRIBLIO will ensure that the standard contractual clauses approved by the European Union concerning the transfer of personal data to outside the EU/EEA, or other appropriate safeguards provided by the GDPR, will apply to such transfer or processing.

11.2 TRIBLIO will notify Customer upon request of the countries in which Personal data will be Processed (including the countries from which the Personal Data can be accessed).

12. STATISTICAL DATA

12.1 Customer acknowledges and agrees that (i) TRIBLIO shall be freely able to use and disclose Statistical Data for TRIBLIO’s own purposes without restriction; (ii) to the extent that Statistical Data constitutes Personal Data for the purposes of the GDPR), each Party shall be an independent Data Controller in respect of such data, shall independently determine the purposes and means of its processing of such data and will comply with the obligations applicable to it under Data Protection Laws in respect of such data; (iii) Statistical Data does not constitute Customer Personal Data for the purposes of this Agreement; and (iv) except for this clause 12, the terms of this Addendum shall not apply to TRIBLIO’s Processing of Statistical Data.

SCHEDULE 1 TO THE DATA PROCESSING ADDENDUM
DETAILS OF PROCESSING OF CUSTOMER PERSONAL DATA

1. THE PURPOSE OF THE PROCESSING OF PERSONAL DATA

TRIBLIO will Process Personal Data only for the following purposes:

    Providing Customer the Service under the Agreement (including the technical support and maintenance services specified in the Agreement) and other purposes provided by the Agreement.

2. CONTENTS OF THE PROCESSING

TRIBLIO will perform the following Personal Data Processing operations:

  • TRIBLIO will store the Personal Data on servers hosted by TRIBLIO or a service provider engaged by TRIBLIO.
  • TRIBLIO will have access to the Personal Data and use the data for providing services to the Customer under the Agreement and carrying out other acts provided by the Agreement.

3. CATEGORIES OF DATA SUBJECTS AND PERSONAL DATA

TRIBLIO will Process the following categories of data subjects and Personal Data:

  • Information related to the users of the services provided by TRIBLIO to Customer under the Agreement, such as:
    User name and other user credentials,
    • e-mail addresses,
    • IP addresses,
    • other contact details of the users, such as phone numbers,
    • log data relating to the use of the services and
    • other Personal Data that may be provided by the users under the Agreement (for example data provided in the service requests sent by the users).
CCPA
Last Updated February 12, 2020

California Privacy Notice Pertaining to Triblio’s Website(s)

This Notice for California Residents supplements the information contained in Triblio’s Website Privacy Policy and applies solely to California consumers as defined in the California Consumer Privacy Act of 2018 (CCPA).

In the below tables and sections, we describe (as required by the CCPA):

  1. Our Collection of Personal Information – the types of personal information (that we collect, the types of sources we collect it from.
  2. Our Disclosure and Sale of Personal Information – the types of recipients to whom we disclose or sell personal information.
  3. Our Business Purposes – our business purposes for (a) collecting and (b) sharing personal information, which are generally the same.
  4. Your California Privacy Rights and Choices – what rights you have under the CCPA, for instance, to request that we “opt out” your information from our marketing database (also called “do not sell” rights).
  5. Contact – how you may contact us.

The following sets forth the categories of information we collect and purposes for which we may use California Consumers’ personal information:

1. Personal Information We Collect

Triblio collects certain categories of personal information in connection with our websites. Personal information is broadly defined under CCPA as information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device.

Triblio may collect about you the categories of information summarized in the table below. The following table also describes how we collect and use such categories of information.

Category Categories of Sources Purpose for Collecting
Identifiers: real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, or other similar identifiers Directly from data subject, inquiries About Triblio products and/or services, Triblio website(s) Operating our Website(s), To market our products and services to you, and other operational purposes
Categories from CA Civil Code 1798.80: name, address, telephone number, employment information Directly from data subject, inquiries About Triblio products and/or services, Triblio website(s), Marketing Partners To market our products and services to you, and other operational purposes
Internet or electronic network activity information: information regarding a consumer’s interaction with a website Triblio website(s) Operating our Website(s), To market our products and services to you, and other operational purposes
Professional or employment-related information Directly from data subject To market our products and services to you, and other operational purposes
Inferences drawn from any information above to create a profile about a consumer reflecting consumer’s preferences and behavior Triblio website(s) To market our products and services to you, and other operational purposes

2. Disclosure and Sale of Personal Information

We generally do not ‘sell’ the personal information we collect from you from your interaction with our website(s). However, given the broad definition of ‘sale’, our sharing of your personal information with our marketing partners and other thirds parties may be considered a sale under CCPA. You can opt out of this sharing by clicking “unsubscribe” on any marketing communications that you received from Triblio.

We also may share any of the personal information we collect as follows: 

Sharing for Legal Purposes: In addition, we may share personal information with third parties in order to: (a) comply with legal process or a regulatory investigation (e.g. a subpoena or court order); (b) enforce our Terms of Service, this Privacy Policy, including investigation of potential violations thereof; (c) respond to claims that any content violates the rights of third parties; and/or (d) protect the rights, property or personal safety of us, our platform, our customers, our agents and affiliates, its users and/or the public. We likewise may provide information to other companies and organizations (including law enforcement) for fraud protection, and spam/malware prevention, and similar purposes.

Sharing In Event of a Corporate Transaction: We may also share personal information in the event of a major corporate transaction, including for example a merger, investment, acquisition, reorganization, consolidation, bankruptcy, liquidation, or sale of some or all of our assets, or for purposes of due diligence connected with any such transaction.

Sharing with Service Providers: We may share personal information with our service providers to help deliver services accessed through our website(s) and to deliver content and fulfill requests made on our website(s). Service providers are contractually prohibited from using the personal information for purposes outside of providing specific services to us.

3. Our Business Purposes for Collecting and Sharing Personal Information

Generally, we collect and share the Personal Information that we collect from our website(s) for the following purposes:

Operating our Website(s), for example:

  • To track your use of our websites and tailor your web experience.
  • To monitor and improve our website and services.

To market our products and services to you, for example:

  • To fulfill or meet the reason you provided the information. For example, if you share your name and business contact information to inquire about our products or services, we will use that personal information to respond to your inquiry. We may also share this personal information with our marketing partners (i.e. lead generation).
  • To register for and/or allow you to subscribe to our special offers, demonstrations of our products and services, or seminars. 
  • To allow you to download different papers and/or articles that we write, produce, or otherwise make available.

Other operational purposes, for example:

  • Auditing
  • Detecting security incidents
  • Debugging
  • Short-term and transient use
  • Performing services 
  • Internal research
  • Quality control
  • Legal compliance

4. Your Rights and Choices

While the CCPA provides California consumers with specific rights regarding their personal information, including the right to opt out of sale, the right to access and the right to deletion, the personal information we collect, use, and disclose from your interaction with our websites is largely used for business-to-business purposes. For example, when you are acting as a representative of your company and inquiring about our products or services.

You can manage your email marketing preferences by clicking on the “unsubscribe” link located on the bottom of our e-mails, or by sending us an email at [email protected], or by sending us postal mail to Triblio, Inc., 11600 Sunrise Valley Drive #100, Reston, VA, 20191, USA, Attention: Privacy.

5. Contact for More Information

If you have additional questions, please email [email protected]