, or “our”
) in connection with the https://drata.com
, and United Kingdom in the GDPR Notice Table of Contents
- Personal Information We Collect
- How We Use Your Personal Information
- How We Share Your Personal Information
- Your Choices
- Other Sites and Services
- Security Practices
- International Data Transfers
- How to Contact Us
- Information for California Residents
- Your Rights Under California’s Shine the Light Law
- GDPR Notice
Personal Information We Collect Information you provide to us.
Personal information you provide to us through the Service or otherwise includes:
Information we obtain from social media platforms.
- Business and personal contact information, such as your first and last name, email and mailing addresses, phone number, professional title and company name.
- Profile information, such as your username and password that you may set to establish an online account with us.
- Registration information, such as information that may be related to a service or an event you register for.
- Feedback or correspondence, such as information you provide when you contact us with questions, feedback, or otherwise correspond with us online.
- Precise geolocation information, such as when you authorize us to access your location.
- Transaction information, such as information about payments to and from you and other details of products or services you have purchased from us.
- Usage information, such as any content you upload to the Service or otherwise submit to us, including information you provide when you use any interactive features of the Service.
- Marketing information, such as your preferences for receiving communications about our activities, events, and publications, and details about how you engage with our communications.
We may receive personal information about you from third-party sources, such as marketing partners, publicly-available sources and data providers. Marketing and advertising.
We, our service providers and our third-party advertising partners may collect and use your personal information for marketing and advertising purposes:
Cookies and Other Information Collected by Automated Means
- Direct marketing. We may send you Drata-related direct marketing communications as permitted by law, including by email and mail. You may opt-out of our marketing communications as described in the Opt-out of marketing communications section below.
We, our service providers, and our business partners may automatically log information about you, your computer, and activity occurring on or through the Service. The information that may be collected automatically includes your computer type and version number, manufacturer and model, device identifier (such as the Google Advertising ID or Apple ID for Advertising), browser type, screen resolution, IP address, the website you visited before browsing to our website, general location information such as city, state or geographic area; and information about your use of and actions on the Service, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access. Our service providers and business partners may collect this type of information over time and across third-party websites. On our webpages, this information is collected using cookies, browser web storage (also known as locally stored objects, or “LSOs”), web beacons, and similar technologies, and our emails may also contain web beacons. Referrals
Users of the Service may have the opportunity to refer friends or other contacts to us. If you are an existing user, you may only submit a referral if you have permission to provide the referral’s contact information to us so that we may contact them.
How We Use Your Personal Information
We use your personal information to:
For research and development.
- provide, operate and improve the Service;
- provide information about our products and services;
- establish and maintain your user profile on the Service;
- communicate with you about the Service, including by sending you announcements, updates, security alerts, and support and administrative messages;
- communicate with you about events or contests in which you participate;
- understand your needs and interests, and personalize your experience with the Service and our communications;
- provide support and maintenance for the Service; and
- respond to your requests, questions and feedback
We analyze use of the Service to analyze and improve the Service and to develop new products and services, including by studying user demographics and use of the Service. To comply with law.
We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities. For compliance, fraud prevention, and safety.
We may use your personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the Service; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity. With your consent.
In some cases we may specifically ask for your consent to collect, use or share your personal information, such as when required by law. To create anonymous, aggregated or de-identified data.
We may create anonymous, aggregated or de-identified data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous, aggregated or de-identified data by removing information that makes the data personally identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.
How We Share Your Personal Information
We may sometimes share your personal information with partners or enable partners to collect information directly via our Service. Professional advisors.
We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us. For compliance, fraud prevention and safety.
We may share your personal information for the compliance, fraud prevention and safety purposes described above. Business transfers.
We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.
In this section, we describe the rights and choices available to all users. Users who are located within the European Union can find additional information about their rights below. Access or Update Your Information.
If you have registered for an account with us, you may review and update certain personal information in your account profile by logging into the account. Opt out of marketing communications.
You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us at [email protected]
You may continue to receive service-related and other non-marketing emails. Cookies.
Most browser settings let you delete and reject cookies placed by websites. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, you may not be able to use all functionality of the Service and it may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit https://www.allaboutcookies.org
. We use Google Analytics to help us understand user activity on the Service. You can learn more about Google Analytics cookies at https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
and about how Google protects your data at https://policies.google.com/privacy
. You can prevent the use of Google Analytics relating to your use of the Service by downloading and installing a browser plugin available at https://tools.google.com/dlpage/gaoptout
. Advertising choices.
You can limit use of your information for interest-based advertising by:
- Browser settings. Blocking third party cookies in your browser settings.
- Privacy browsers/plug-ins. By using privacy browsers or ad-blocking browser plug-ins that let you block tracking technologies.
- Platform settings. Google offers opt-out features that let you opt-out of use of your information for interest-based advertising:
- Ad industry tools. Opting out of interest-based ads from companies participating in the following industry opt-out programs:
You will need to apply these opt-out settings on each device from which you wish to opt-out. Do Not Track.
Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit https://www.allaboutdnt.com
. Choosing not to share your personal information.
Where we are required by law to collect your personal information, or where we need your personal information in order to provide the Service to you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with our services. We will tell you what information you must provide to receive the Service by designating it as required at the time of collection or through other appropriate means.
Other Sites and Services
The Service may contain links to other websites, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or online services that are not associated with us. We do not control third party websites, or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites and online services you use.
The security of your personal information is important to us. We employ a number of organizational, technical and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information. Email, in particular, is an insecure way to transmit personal information. Please take special care regarding what information you send to us via email.
The Service is not directed to, and we do not knowingly collect personal information from, anyone under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us. We will delete such information from our files as soon as reasonably practicable. We encourage parents with concerns to contact us.
How to Contact Us
Please direct any questions or comments about this Policy or privacy practices to [email protected]
You may also write to us via postal mail at:
4660 La Jolla Village Dr. Suite 100 San Diego, CA 92122
Osano International Compliance Services Limited ATTN: 6VXK 25/28 North Wall Quay Dublin 1, D01 H104 IRELAND
Information for California Residents Scope.
This section applies only to California residents. It describes how we collect, use, and share Personal Information of California residents online and offline in our capacity as a “business” under the California Consumer Privacy Act of 2018 (“CCPA”
) and their rights with respect to that Personal Information. For purposes of this section, “Personal Information”
has the meaning given in the CCPA but does not include information exempted from the scope of the CCPA. In some cases we may provide a different privacy notice to certain categories of California residents, such as job applicants, in which case that notice will apply instead of this section. Your California privacy rights.
As a California resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.
- Information. You can request the following information about how we have collected and used your Personal Information during the past 12 months:
- The categories of Personal Information that we have collected;
- The categories of sources from which we collected Personal Information;
- The business or commercial purpose for collecting and/or selling Personal Information;
- The categories of third parties with whom we share Personal Information;
- The categories of Personal Information that we sold or disclosed for a business purpose; and
- The categories of third parties to whom the Personal Information was sold or disclosed for a business purpose.
- Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.
- Deletion. You can ask us to delete the Personal Information that we have collected from you.
- Opt-out of sales. You can opt-out any sale of your Personal Information.
- Nondiscrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by the CCPA
You may submit requests to exercise your right to information, access or deletion via email to [email protected]
or calling (858) 754-8811. Notice of right to opt-out of the “sale” of your Personal Information