Capriza Inc. Privacy Statement
Privacy Statement, effective as of May 16, 2018
Last updated December 19, 2018
Your privacy is important to us.
Capriza, Inc. (“Capriza,” “we,” “us,” “our,” or the “Company”) is committed to protecting the privacy of individuals who visit the Company’s Web Sites (“Visitors”), individuals who register to use the Services as defined below (“Customers”), and individuals who register to receive informational documentation or demos, or to attend the Company’s corporate events (“Attendees”).
This Privacy Statement also describes Capriza’s privacy practices in relation to the use of the Company’s Web Sites and the related applications, services, and programs offered by Capriza (collectively, the “Services”), as well as individuals’ choices regarding use, access and correction of personal information.
Web Sites covered
This Privacy Statement covers the information practices, including how the Company collects, uses, shares and secures the personal information you provide, of Web Sites that link to this Privacy Statement (collectively referred to as “Sites”, “Capriza’s Web Sites” or “the Company’s Web Sites”). Currently, the Company’s Web Sites consist of the following:
- Capriza capriza.com website
- The Capriza Designer start.capriza.com, which enables Capriza customers to create mobile applications that run on the Capriza platform.
- The Capriza support website support.capriza.com
- The Capriza Administrator Console, https://admin.capriza.com, which enables Capriza customers to manage users, systems, connectors, and other functions for their organization in ApproveSimple.
NOTE: When Zapps (zapp.capriza.com<zapp id>) are posted by third parties, the privacy statement of the third party applies, and this Privacy Statement does not apply.
Changes to This Policy
We may change this Policy from time to time. If we make any changes to this Policy, we will change the “last updated” date above. Capriza will provide notification of any material changes to this Privacy Statement through the Company’s Web Sites at least thirty (30) business days prior to the change taking effect. We encourage you to check this Policy whenever you use our Site and services to understand how your personal information is used.
We collect two general types of information, namely personal information and aggregate data. As used in this Policy, the term “personal information” means information that specifically identifies an individual (such as a name and email address), and demographic and other information when directly linked to information that can identify an individual. Our definition of personal information does not include “aggregate” data.
Aggregate data is information we collect about a group or category of services or users from which individual user identities have been removed. In other words, no personal information is included in aggregate data. Aggregate data helps us understand trends in our users’ needs so that we can better consider new features or otherwise tailor our services. This Policy in no way restricts or limits our collection and use of aggregate data, and we may share aggregate data about our users with third parties for various purposes, including to help us better understand our customer needs and improve our services and for advertising and marketing purposes.
Personal information is information we collect from you in various ways when you use our Site and services. Examples include the following:
- Required Contact Information – When expressing an interest in obtaining additional information about the Services, registering to use the Web Sites or other Services, or registering for an event, Capriza may require you to provide the Company with personal contact information, such as name, company name, address, phone number, and email address. We may also supplement this information with information such as “title” or “industry” from other companies to ensure a complete user profile is created.
- Billing Information – When expressing an interest in obtaining additional information about the Services, when purchasing the Services, or when registering for an event, Capriza may also require you to provide the Company with financial qualification and billing information, such as billing name and address, and the number of employees within the organization that will be using the Services.
- Registration and Profile Information – When you register to use our services or update your profile, we may collect various kinds of information about you including, your name and email address; your title, company and other profile information you provide; demographic information; and information you upload like photos, files, and documents.
- Submissions and Customer Service Information – We may use surveys, contests or sweepstakes requesting personal or demographic information and customer feedback. Participation in these surveys or contests is completely voluntary and you therefore have a choice whether or not to disclose this information.
- Optional Information – Capriza may also ask you to provide additional information, such as company annual revenues, total number of employees, or industry (“Optional Information”).
- Applicant Information – When Visitors apply for a job with the Company, Capriza may also require you to submit additional personal information as well as a resume or curriculum vitae.
Required Contact Information, Billing Information, Registration and Profile Information, Submissions and Customer Service Information, Optional Information, Applicant Information, and any other information you submit to Capriza to or through the Services are referred to collectively as “Data.”
As you navigate the Company’s Web Sites, Capriza may also collect information through the use of commonly-used information-gathering tools, such as cookies and Web beacons (“Web Site Navigational Information”). Web Site Navigational Information includes standard information from your Web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on the Company’s Web Sites (such as the Web pages viewed and the links clicked). A more detailed description of Web Site Navigational Information is provided below.
Cookies, Web Beacons, Log Files, IP Addresses, URLs and Other Data
A cookie is a small amount of data which is sent to your browser from a Site’s computers and stored on your computer’s hard drive. Most browsers automatically accept cookies as the default setting. You can modify your browser setting to reject our cookies or to prompt you before accepting a cookie by editing your browser options. However, if a browser is set not to accept cookies or if a user rejects a cookie, some portions of the Site and services may not function properly. For example, you may not be able to sign in and access certain Web page features or services. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to Capriza, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Me” or a “Free Trial” Web form) or have previously identified yourself to Capriza, you remain anonymous to the Company.
|Type of Cookies||Description||Managing Settings|
|Required cookies||Required cookies enable you to navigate the Company’s Web Sites and use its features, such as accessing secure areas of the Web Sites and using Capriza Services. If you have chosen to identify yourself to Capriza, the Company may place on your browser cookies containing an encrypted, unique identifier. These cookies allow the Company to uniquely identify you when you are logged into the Web Sites and Services and to process your online transactions and requests.||Because required cookies are essential to operate the Company’s Web Sites and the Services, there is no option to opt out of these cookies.|
|To learn more about these and other advertising networks and your ability to opt out of collection by certain third party, please visit the opt-out pages of the Network Advertising Initiative, here, and the Digital Advertising Alliance, here.|
To learn how to manage privacy and storage settings for Flash cookies click here. Various browsers may offer their own management tools for removing HTML5 local storage.
A Web beacon is an electronic image, also called a “gif,” that may be used on our Web pages to deliver cookies, count visits and compile statistics on usage and campaign effectiveness or in our emails to tell if an email has been opened and acted upon. For example, Capriza may place Web beacons in marketing emails that notify the Company when you click on a link in the email that directs you to one of the Company’s Web Sites. Capriza uses Web beacons to operate and improve the Company’s Web Sites, Services and email communications.
Log Files, IP Addresses, URLs and Other Data
As is true of most Web Sites, we gather certain information automatically to analyze trends in the aggregate and administer our Web Sites and Services. This information may include your Internet Protocol (IP) address (or the proxy server you use to access the World Wide Web), device and application identification numbers, your location, your browser type, your Internet service provider and/or mobile carrier, the pages and files you viewed, your searches, your operating system and system configuration information, and date/time stamps associated with your usage. Due to Internet communications standards, when you visit or use the Company’s Websites and Services, we automatically receive the URL of the website from which you came and the website to which you go when you leave our Website. This information is used to analyze overall trends, to help us improve our Websites and Services, to track and aggregate non-personal information, and to provide the Websites and Services. For example, Capriza uses IP addresses to monitor the regions from which Customers and Visitors navigate the Company’s Web Sites. Capriza also collects IP addresses from Customers when they log into the Services as part of the Company’s “Identity Confirmation” and “IP Range Restrictions” security features.
Social Media Features and Single Sign-on
Do Not Track
Currently, various browsers — including Internet Explorer, Firefox, and Safari — offer a “do not track” or “DNT” option that relies on a technology known as a DNT header, which sends a signal to Web Sites’ visited by the user about the user’s browser DNT preference setting. Capriza does not currently commit to responding to browsers’ DNT signals with respect to the Company’s Web Sites, in part, because no common industry standard for DNT has been adopted by industry groups, technology companies or regulators, including no consistent standard of interpreting user intent. Capriza takes privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.
Use of Personal Information
In general, we use your personal information to process your requests or transactions, to provide you with information or services you request, to inform you about other information, events, promotions, products or services we think will be of interest to you, to facilitate your use of, and our administration and operation of, the Site and services and to otherwise serve you and our users. For example, we may use your personal information:
- to request feedback and to enable us to develop, customize and improve the Site and our publications, products and services;
- to conduct marketing analysis, to send you surveys or newsletters, to contact you about services, products, activities, special events or offers from Capriza or our partners and for other marketing, informational, product development and promotional purposes;
- to send you a welcoming email and to contact you about your use of the Site and services; to respond to your emails, submissions, comments, requests or complaints; to perform after-sales services; to anticipate and resolve problems with our service; to respond to customer support inquiries, for assistance with our product and service development; and to inform you of updates to products and services from Capriza that better meet your needs;
- to contact you if you win a contest; and
- for other purposes about which we notify you.
Capriza may store and process personal information in the United States and other countries.
Capriza may also receive information about Customers and Attendees from other sources, including third parties from whom we have purchased data, and combine this information with Data we already have about you. This helps us to update, expand and analyze our records, and identify new customers.
Capriza uses Web Site Navigational Information to operate and improve the Company’s Web Sites. The Company may also use Web Site Navigational Information alone or in combination with Data about Capriza Customers and Data about Capriza Attendees to provide personalized information about the Company.
Sharing of Personal Information
Capriza reserves the right to share aggregated demographic information about our customers, sales, and traffic to our partners and advertisers. We will not give, sell, rent, share, or trade any of your personal information or any data that you store using our services to any third party except as outlined in this Policy or with your consent. We may disclose information to a third party to
- in the good faith belief that disclosure is needed to respond to an emergency, or protect the personal safety of any person, or
- as required by law, such as to comply with a subpoena, or similar legal process, or
- to companies that provide services to help us with our business activities such as processing your payment or offering live customer support chat. These companies are authorized to use your personal information only as necessary to provide these services to us.
Per the requirements of the EU-U.S. Privacy Shield Framework, Capriza may be liable in cases of onward transfer to third parties not covered by the above exceptions.
Capriza may share Data about Capriza Visitors, Customers and Attendees with the Company’s contracted service providers so that these service providers can provide services on our behalf. These service providers are authorized to use your personal information only as necessary to provide the requested services to us. Without limiting the foregoing, Capriza may also share Data about Capriza Visitors, Customers and Attendees with the Company’s service providers to ensure the quality of information provided, and with third–party social networking and media Web Sites, for marketing and advertising on those Web Sites. Unless described in this Privacy Statement, Capriza does not share, sell, rent, or trade any information with third parties for their promotional purposes.
From time to time, Capriza may partner with other companies to jointly offer products, services, or programs (such as webinars or downloadable content) such as our Workshop partners. If you purchase, specifically express interest in, or register for a jointly–offered product, service, or program from or through Capriza, the Company may share Data about Capriza Customers collected in connection with your purchase or expression of interest with our partner(s). Capriza does not control our business partners’ use of the Data about Capriza Customers that we collect, and their use of the information will be in accordance with their own privacy policies. If you do not wish for your information to be shared in this manner, you may opt not to purchase or specifically express interest in a jointly offered product or service.
Capriza does not share Data about Capriza Attendees with business partners unless: (1) you specifically opt in to such sharing via an event registration form; or (2) you attend a Company event and allow Capriza or any of its business partners to scan your attendee badge. If you do not wish for your information to be shared in this manner, you may choose not to opt in via event registration forms and elect not to have your badge scanned at Company events. If you choose to share your information with business partners in the manners described above, your information will be subject to the business partners’ respective privacy statements.
The above Sections regarding Cookies, Web Beacons, Log Files, IP Addresses, URLs and Other Data specifically addresses the information we or third parties collect through cookies and web beacons, and how you can control cookies through your Web browsers. We may also disclose your personal information to any third party with your prior consent.
Capriza reserves the right to use or disclose information provided if required by law or if the Company reasonably believes that use or disclosure is necessary to protect the Company’s rights and/or to comply with a judicial proceeding, court order, or legal process.
Communication Preferences, Access, and Choice
Capriza offers Visitors, Customers, and Attendees who provide contact information a means to choose how the Company uses the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of the Company’s marketing emails. Additionally, you may unsubscribe here or by contacting us using the information in the “Contacting Us” section below.
Capriza may retain your information for a period of time consistent with the original purpose of collection. For instance, we may retain your information during the time in which you have an account to use our Web Sites or Services and for a reasonable period of time afterward. We also may retain your information during the period of time needed for Capriza to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes and enforce our agreements.
If your personal information changes, or if you no longer desire our service, you may correct, update or delete it on our Site or deactivate your account by emailing our Customer Support at email@example.com or by contacting us by telephone or postal mail at the contact information listed below. We will respond to your request to access within 30 days. If you are an employee of a Capriza customer, you may need to contact your company’s system administrator for assistance in correcting or updating your information.
Capriza may send you communications or data regarding our Site and services, including but not limited to (i) notices about your use of our Site and services, including any notices concerning violations of use, (ii) updates, and (iii) promotional information and materials regarding our products and services. You may opt-out of receiving promotional emails from Capriza by following the opt-out instructions provided in those emails. You may also opt-out of receiving promotional emails and other promotional communications from us at any time by emailing firstname.lastname@example.org with your specific request. Opt-out requests will not apply to transactional service messages, such as security alerts and notices about your current account and services.
Links to 3rd Party Sites
Public Forums, Contact Referrals, and Customer Testimonials
Capriza may provide bulletin boards, blogs, or chat rooms on the Company’s Web Sites. Any personal information you choose to submit in such a forum may be read, collected, or used by others who visit these forums, and may be used to send you unsolicited messages. Capriza is not responsible for the personal information you choose to submit in these forums.
Capriza posts a list of Customers and testimonials on the Company’s Web Sites that contain information such as Customer names and titles. Capriza obtains the consent of each Customer prior to posting any information on such a list or posting testimonials.
We display personal testimonials of satisfied customers on our Site in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at email@example.com.
Blog / Forum
Our Site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at firstname.lastname@example.org . In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
Social Media Widgets
If you have any questions about this Policy, you should first contact us at email@example.com.
Capriza is also subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Per the requirements of the EU-U.S. Privacy Shield, you may invoke binding arbitration in some cases.
Customer Data and Security
Capriza’s Customers may electronically submit data or information to the Services for hosting and processing purposes (“Customer Data”). Capriza will not review, share, distribute, or reference any such Customer Data except as provided in Capriza’s Master License and Services Agreement, or as may be required by law. In accordance with Capriza’s Master License and Services Agreement, Capriza may access Customer Data only for the purpose of providing the Services or preventing or addressing service or technical problems or as may be required by law. Additional information about the Company’s privacy and security practices with respect to Customer Data is available upon request.
Capriza acknowledges that you have the right to access your personal information. If personal information pertaining to you as an individual has been submitted to us by a Capriza customer and you wish to exercise any rights you may have to access, correct, amend, or delete such data, please inquire with our customer directly. Because Capriza personnel have limited ability to access data our customers submit to our Services, if you wish to make your request directly to Capriza, please provide the name of the Capriza customer who submitted your data to our Services. We will refer your request to that customer and will support them as needed in responding to your request within a reasonable timeframe.
Capriza uses robust security measures to protect Data about Capriza Customers and Data about Capriza Attendees. Because the Company uses the Services to maintain Data about Capriza Customers and Data about Capriza Attendees, this information, which is stored in the Services, is secured in the same manner as all other Data.
Mobile Applications provided by Capriza may obtain information from, or access data stored on, Users’ Devices to provide services related to the relevant Mobile Application. For example, a Mobile Application may: access a camera on a User’s Device to enable the User to upload photographs to the Services; access the geographic location of a User’s Device to enable the User to input an address; or access contact information on a User’s Device to enable the User to sync contact information between the information that is stored on the User’s Device and the information that is submitted to the Services; access third party applications on the device (e.g. Google Maps, Adobe Reader, Outlook, etc.) to enable navigation, open files, or send emails. Information obtained to provide Mobile Application services may include information obtained in preparation for anticipated updates to those services. Mobile Applications may transmit information to and from Devices to provide the Mobile Application services.
Mobile Applications may provide Capriza with information related to Users’ use of the Mobile Application services, information regarding Users’ computer systems, and information regarding Users’ interaction with Mobile Applications, which Capriza may use to provide and improve the Mobile Application services. For example, all actions taken in a Mobile Application may be logged, along with associated information (such as the time of day when each action was taken). Capriza may also share anonymous data about these actions with third party providers of analytics services. In addition, if a Customer purchases more than one Service from Capriza and its affiliates, a Mobile Application may be designed to interoperate with those Services; for instance, to provide a User with access to information from any or all of those Services or to provide information from a User’s Device to any or all of those Services. Information accessed or obtained by the Mobile Application on a User’s Device may be accessible to the Customer and its organization, depending on the intended functionality of the Mobile Application. Capriza may provide updated versions of its Mobile Applications. If your mobile device’s settings permit, those updates will be downloaded and installed automatically on your mobile device. By installing a Capriza Mobile Application on your mobile device, you consent to the downloading and updating of that Mobile Application.
In addition to Mobile Applications offered by Capriza, the Company may offer platforms for the creation of third-party Mobile Applications, including but not limited to the Capriza Platform. Third parties may obtain information from, or access data stored on, Users’ Devices to provide services associated with any third-party Mobile Applications that Users download, install, use, or otherwise interact with over a Capriza platform. Capriza’s Mobile Applications may also contain links or integrations to other Mobile Applications provided by third parties. Third parties’ use of information collected through third-party Mobile Applications is governed by the privacy statements of such third parties. The Company encourages you to review the privacy statements of third-party providers of Mobile Applications to understand their information practices.
Notices and contractual terms related to a particular Mobile Application may be found in the applicable Master License and Services Agreement or relevant terms of service for that application. The Company encourages you to review the Master License and Services Agreement or relevant terms of service related to any Mobile Applications you download, install, use, or otherwise interact with to understand that Mobile Application’s information practices. The Mobile Application’s access to information through a User’s Device does not cause that information to be “Customer Data” under Capriza’s Master License and Services Agreement with the Customer or under this Privacy Statement, except as follows: To the extent that a User uses a Mobile Application to submit electronic data and information to a Customer account on our Services pursuant to the Customer’s Master License and Services Agreement with Capriza (or a similar agreement that governs the Customer’s subscription(s) to Capriza’s Services), that information constitutes “Customer Data” as defined in such agreement, and the provisions of that agreement with respect to privacy and security of such data will apply. Additional information about the Company’s privacy and security practices with respect to Customer Data is available upon request.
International Transfer of Information Collected and EU-U.S. Privacy Shield Framework
This Privacy Statement shall apply even if Capriza transfers Data about Capriza Customers or Data about Capriza Attendees to other countries.
Capriza generally operates as a “Processor” of Data under the GDPR, but, depending on the specific circumstances, Capriza may occasionally operate as a “Controller” of Data. With respect to Capriza’s relationship with its Customers, Capriza is a “Processor” of Data and the Customer is the “Controller” of the Data. The Company primarily stores Data about Capriza Customers and Data about Capriza Attendees in the United States. However, for certain Capriza applications, Data may be stored outside of the United States. To facilitate Capriza’s global operations, the Company may transfer and access such information from around the world, including from other countries in which the Company has operations. All such transfers and access of such information shall comply with the GDPR and all other applicable data protection and security standards.
In order to deliver the best possible experience to our Customers, Capriza utilizes subprocessors for some elements of its offerings, such as: Cloud Storage Infrastructure, Alerts, Logs, etc. A list of these subprocessors can be found below:
- Amazon Web Services (AWS)
- Google Firebase/Google Analytics
- Branch Metrics (branch.io)
- Sumo Logic
In compliance with the Privacy Shield Principles, Capriza commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Statement should first contact Capriza at: firstname.lastname@example.org
Capriza has further committed to cooperate with EU data protection Supervisory Authorities with regard to unresolved Privacy Shield complaints. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the applicable EU Supervisory Authority for more information or to file a complaint.
Any questions about this Policy should be addressed to email@example.com or through the contact information below.
3000 El Camino Real, Suite 5-800
Palo Alto, CA 94306
Telephone: +1 650 600 3661
For GDPR specific inquiries, please contact our GDPR Article 27 Representative:
MCF Legal Technology Solutions Limited