ProcessUnity’s Privacy Policy

1. Overview

This Privacy Policy details how ProcessUnity gathers, uses, discloses, and manages customer, business partner, and visitor data

1.1. Purpose

ProcessUnity, Inc. (“ProcessUnity”, “we” or “us”) respects the privacy of its customers, business partners and visitors to its Website (as defined below). The ProcessUnity Privacy Policy (the “Policy”) describes the information that we collect, how we obtain the information, and how we may use or disclose that information. This Policy also describes the measures we take to protect the security of the information and how individuals can contact us about our privacy practices.

2. Scope

This Policy only covers our privacy practices with respect to the collection, use, and disclosure of information obtained through the ProcessUnity website at www.processunity.com and in connection with the use of our hosted software applications (the “Subscription Service”) and related support services (“Support Services”), as well as professional services, training and certification (the “Professional Services”) that we provide to Customers. In this Policy, the Subscription Service, Support Services and the Professional Services are collectively referred to as the “Service.”

For the purposes of this Policy:
“Customer” means any entity that purchases the Service.
“Customer Data” means the electronic data uploaded into the Subscription Service by or for Customer or its authorized users.
“Visitor” means a visitor of the Website.

3. Website

3.1. How We Obtain Information

As further described below, we collect several types of information from and about our Visitors. Some of the information that we collect constitutes “personal information” under data privacy laws, including, without limitation, the European Union’s General Data Protection Regulation (GDPR).

3.1.1. Information You Provide to Us

When filling out forms on our Website we collect personal information, including without limitation, name, mailing address, email address and telephone number.
When you post material to our Website, participate in bulletin boards, chat rooms, blogs, comment threads, forums or other interactive features of our Website, register, or request further information or services from us.
When you enter a contest or promotion we sponsor.
When you report a problem with our Website
When you contact us.
When you complete our surveys.
Other information you may submit to us related to your use of our Website.

3.1.2. Information From Third Parties

ProcessUnity may collect and use information we receive from third parties in connection with your use of the Website. For instance, ProcessUnity uses a third party for reporting and analytics to measure the effectiveness of our Website and marketing efforts, and to identify areas for improvement.

3.1.3. Information We Collect as You Navigate Through the Website

As you navigate through the Website, we may also collect details about your visits to our Website including, but not limited to, your IP address, usage patterns, traffic data, location data, logs and other communication data and the resources that you access, as well as information about your computer and internet connection, including your operating system and browser type.

3.1.4. Cookies and Other Forms of Automated Collection

We use “cookies” to help us improve our Website. A cookie is a small file stored on the hard drive of your computer. We may use cookies to obtain information about your general Internet usage and to:

Estimate our audience size and usage patterns.
Store information about your preferences, allowing us to customize our Website.
Speed up your searches.
Authenticate your access to various areas of our Website.
Recognize you when you return to our Website.
Track when you respond to surveys.

ProcessUnity’s third parties may use JavaScript to collect IP addresses from our Visitors and our hosting provider may also collect server logs. Information gathered through these automated means may be associated with the personal information you previously submitted on our Website.

3.2. How We Use Information Collected

We may use information that we collect about Visitors for the following purposes:

To present our Website and their contents in a suitable and effective manner for you and for your computer.
To diagnose and resolve technical problems with our Website.
To improve our Website.
To provide you with information, products or services that you request from us.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including without limitation, our Website Terms of Use.
To notify you about changes to our Website or obtain any required consent.
To allow you to participate in interactive features of our Website, when you choose to do so.
For industry analysis, benchmarking, analytics, marketing, and other business purposes.
To track your browsing behavior, such as the pages you visited over time.

If you ask us to contact you about goods and services that may be of interest to you, we may use your personal information or permit selected third parties to use your personal information to provide you with such services. Visitors may withdraw consent at a later time by clicking on the “unsubscribe” link located in the emails sent by ProcessUnity. For more information, see Communication Preferences and Choices below.

3.3. Our Legal Basis For Collecting Personal Information

Whenever we collect personal information from you, we may do so on the following legal bases:

Your consent to such collection and use;
Out of necessity for the performance of an agreement between us and you, such as your agreement to use our solutions;
Our legitimate business interest, including but not limited to the following circumstances where collecting or using personal information is necessary for:
1. Intra-organization transfers of data for administrative purposes;
2. Product development and enhancement, where the processing enables us to enhance, modify, personalize, or otherwise improve our services and communications for the benefit of our users, and to better understand how people interact with our Website;
3. Communications and marketing, including processing data for direct marketing purposes, and subject to your opt-in for these purposes, and to determine the effectiveness of our promotional campaigns and advertising;
4. Fraud detection and prevention;
5. Enhancement of our cybersecurity, including improving the security of our network and information systems; and
6. General business operations and diligence.

In each circumstance, however, we will weigh the necessity of our processing for the purpose against your privacy and confidentiality interests, including taking into account your reasonable expectations, the impact of processing, and any safeguards which are or could be put in place. In all circumstances, we will limit such processing for our legitimate business interest to what is necessary for its purposes.

3.4. Our Retention Of Your Personal Information

We may retain your personal information for a period of time consistent with the original purpose for collection. For example, we keep your personal information for no longer than reasonably necessary for your use of our products and services and for a reasonable period of time afterward. We also may retain your personal information during the period of time needed for us to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes and enforce our agreements.

3.5. European Users’ Rights With Regard To Personal Information

Some data protection laws, including the GDPR, provide you with certain rights in connection with personal information you have shared with us. If you are resident in the European Economic Area, you may have the following rights:

The right to be informed. You are entitled to be informed of the use of your personal information. This Privacy Policy provides such information to you.
The right of access. You have the right to request a copy of your personal information which we hold about you.
The right of correction: You have the right to request correction or changes of your personal information if it is found to be inaccurate or out of date.
The right to be forgotten: You have the right to request us, at any time, to delete your personal information from our servers and to erase your personal information when it is no longer necessary for us to retain such data. Note, however, that deletion of your personal information will likely impact your ability to use our services.
The right to object (opt-out): You have the right to opt-out of certain uses of your personal information, such as direct marketing, at any time.
The right to data portability: You have the right to a “portable” copy of your personal information that you have submitted to us. Generally, this means your right to request that we move, copy or transmit your personal information stored on our servers / IT environment to another service provider’s servers / IT environment.
The right to refuse to be subjected to automated decision making, including profiling: You have the right not to be subject to a decision and insist on human intervention if the decision is based on automated processing and produces a legal effect or a similarly significant effect on you.
The right to lodge a complaint with a supervisory authority.

3.6. How We Share Information Collected

We may disclose personal information that you provide to us via this Website, to the following third parties:

Our subsidiaries and affiliates.
Contractors, business partners and service providers we use to support our business or who provide services on our behalf.
In the event of merger, acquisition, or any form of sale or transfer of some or all of our assets (including in the event of a reorganization, dissolution or liquidation), in which case personal information held by us about our Visitors will be among the assets transferred to the buyer or acquirer.

We may also disclose your personal information to third parties to:

Comply with any court order or other legal obligation.
Respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Enforce or apply our Website Terms of Use or terms of any other agreement.
Protect the rights, property, or safety of ProcessUnity or others.

We do not sell, rent or trade information collected through the Website with third parties for their promotional purposes. We require a contract when personal data received under the Privacy Shield is transferred either to a third party acting as a controller or to a third party acting as an agent.

3.7. International Transfer Of Data

ProcessUnity may store and process any information collected in connection with the Website in any country where we have facilities or in which we engage service providers. By using our Website, you consent to the collection, storage, transfer and processing of information outside of your country of residence, including in the United States.

3.8. Communication Preferences And Choices

We provide certain choices regarding the information Visitors provide to us. We have created mechanisms to provide you with the following control over your information when using our Website. If you do not wish to have your e-mail address used for promotional purposes by ProcessUnity, you may withdraw consent at a later time by clicking on the “unsubscribe” link located in the emails sent by ProcessUnity.

3.8.1. Cookies

Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website. You may refuse to accept cookies by activating the appropriate setting on your browser. You may also set your browser to alert you when cookies are being sent. However, if you do so, please note that some parts of our Website may then be inaccessible or function improperly.

3.8.2. Do Not Track

While ProcessUnity attempts to honor do not track (“DNT”) instructions we receive from a Visitor’s browser, we cannot guarantee that ProcessUnity will always respond to such signals, in part, because of the lack of common industry standard for DNT technology. We continue to monitor developments in DNT technology and stay apprised of DNT industry standards as they evolve.

3.8.3. Choice

You should review this Policy carefully, because if you do not agree with our practices, your ultimate choice is not to use the Website. Remember, by using any part of our Website, you accept and agree to our privacy practices.

3.9. Accessing And Correcting Your Personal Information

You may send us an e-mail at privacy@processunity.com to request access to, correct or delete any personal information that you have provided to us in connection with the Website. We will use reasonable efforts to respond to such requests for correction or updates to personal information.

4. Services

4.1. How We Obtain Information

As described below, we collect several types of information from about our Customers, including:

General information, including a Customer’s company name and address and the Customer’s representative’s contact information (“General Information”) for billing and contracting purposes.
Information and correspondence you submit to us in connection with Professional Services or other requests related to our Service.
Information we receive from our business partners in connection with your use of the Service or in connection with services provided by our business partners on your behalf, including configuration of the Subscription Service.
Quantitative data derived from your use of the Subscription Service, for example and without limitation, the number of active roles within a Customer’s instance. All data collected, used, and disclosed will be in aggregate form only and will not identify Customer or its users.
Server logs in support of the Subscription Service.

4.1.1. Cookies

When you use the Subscription Service, we use cookies to:

Track session state in the Subscription Service.
Authenticate your access to the Subscription Service.
Recognize you when you return to the Subscription Service.

4.2. How We Share Information Collected

We do not share, sell, rent or trade information collected through the Service with third parties for their promotional purposes.

We may also disclose your personal information to third parties to:

Comply with any court order or other legal obligation.
Enforce or apply the terms of the definitive agreement between Customer and ProcessUnity pursuant to which the Customer purchased access to the Subscription Service (the “Customer Agreement”).
Protect the rights, property, or safety of ProcessUnity, our Customers, or others.

ProcessUnity is responsible for the processing of personal data it receives under the Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. ProcessUnity complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

In the event of merger, acquisition, or any form of sale or transfer of some or all of our assets (including in the event of a reorganization, dissolution or liquidation), in which case personal information held by us about our Customers will be among the assets transferred to the buyer or acquirer.

4.3. Customer Data

We may use Customer Data to provide the Service, including updating and maintaining the Subscription Service and providing Support and Professional Services. Notwithstanding anything else to the contrary in this Policy, we will not use, disclose, review, share, distribute, transfer or reference any Customer Data except as permitted in the Customer Agreement or as required by law.

4.4. Human Resources (HR) Data

ProcessUnity collects human resources data such as name, address, email address and tax/identity numbers from job applicants and employees of ProcessUnity for, among other things, legitimate human resource business reasons such as payroll administration, filling employment positions, maintaining accurate benefits records, meeting governmental reporting requirements, security, health and safety management, performance management, company network access and authentication. ProcessUnity also may collect information considered human resources data from users of our Subscription Service. ProcessUnity commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.

5. General

5.1. Compliance with Privacy Shield Framework

ProcessUnity complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. ProcessUnity has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

5.2. Security Statement

We maintain administrative, organizational, technical and physical safeguards designed to protect the personal information obtained through the Website and in connection with the Service against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. Please read our Data Privacy and Security Statement.

5.3. Third Party Websites And Applications

This Website may link to websites that are not owned or controlled by ProcessUnity. As such, this Policy does not apply to information collected on any third-party site or by any third-party application that may link to or be accessible from the Website. In addition, Customers and other third parties, including consultants, may develop applications or provide services to you or other third parties using our Service. This Policy does not apply to information collected by Customers, third parties or third-party applications or services, even if this information is collected using our Website or Service. This Policy also does not cover the use or disclosure of any information stored in the Subscription Service when hosted by the Customer.

5.4. Changes To Our Privacy Policy

ProcessUnity reserves the right to update or change this Policy from time to time. If we make material changes to this Policy, we will notify you through an appropriate online notice (and obtain your consent where required by applicable law). Your continued use of the Website or Service is deemed to be acceptance of any updates or changes we make to this Policy and as such, we ask that you review the Policy periodically for any updates or changes that we may have made.

6. Contact Information

To ask questions or comment about this Policy and our privacy practices or if you need to update, change or remove your information, contact us at: privacy@processunity.com or:

ProcessUnity, Inc
Attn: Privacy Officer
33 Bradford Street
Concord, MA 01742

Phone: 978.451.7655

All other feedback, comments, requests for technical support and other communications relating to the Website should be directed to: marketing@processunity.com.

This website is operated by ProcessUnity, Inc., a Delaware corporation located at 33 Bradford Street Concord, MA 01742.

7. Complaint Resolution

In compliance with the Privacy Shield Principles, ProcessUnity commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact ProcessUnity at the contact information listed above.

ProcessUnity has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.

It is possible, under certain conditions, for you to invoke binding arbitration.

8. Guidelines

None

9. Enforcement

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

ProcessUnity is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Cookie	Type	Duration	Description
__cfduid	1	1 month	The cookie is set by CloudFare. The cookie is used to identify individual clients behind a shared IP address d apply security settings on a per-client basis. It doesnot correspond to any user ID in the web application and does not store any personally identifiable information.
cli_user_preference	0	1 year	This cookie stores consolidated information of consent of all categories in the GDPR Cookie Consent plugin. This cookie is used to ensure the smooth functioning of the plugin with certain cache plugins.
cookielawinfo-checkbox-advertisement	0	1 year	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given their consent to the usage of cookies under the category 'Advertisement'.
cookielawinfo-checkbox-analytics	0	1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-functional	0	1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Functional".
cookielawinfo-checkbox-marketing	0	1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Marketing".
cookielawinfo-checkbox-necessary	0	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-non-necessary	0	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non Necessary".
cookielawinfo-checkbox-preferences	0	1 year	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category 'Preferences'.
PHPSESSID	0		This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	0	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Type	Duration	Description
bcookie	0	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
bscookie	1	2 years	This cookie is a browser ID cookie set by LinkedIn share Buttons and ad tags.
cf_ob_info	0	1 minute	The CloudFlare service is mostly used for content distribution network (CDN) services.
cf_use_ob	0	1 minute	The CloudFlare service is mostly used for content distribution network (CDN) services.
lang	0		This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	0	1 day	This cookie is set by LinkedIn and used for routing.
lissc	0	1 year	Cookie used for Sign-in with Linkedin and/or for LinkedIn follow feature.

Cookie	Duration	Description
__stid	1 year	The cookie is set by ShareThis. The cookie is used for site analytics to determine the pages visited, the amount of time spent, etc.
__stidv	1 year	The cookie is set by ShareThis. The cookie is used for site analytics to determine the pages visited, the amount of time spent, etc.
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, camapign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randoly generated number to identify unique visitors.
_gcl_au	2 months	This cookie is used by Google Analytics to understand user interaction with the website. All information this cookie collects is aggregated and therefore anonymous.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.

Cookie	Type	Duration	Description
IDE	1	2 years	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
li_sugr	0	2 months	This cookie is a browser ID cookie set by LinkedIn when an IP address is not in a Designated Country.
u	0	2 months	LinkedIn Insight Tag, when IP address is not in a Designated Country
UserMatchHistory	0	4 weeks	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.

The Undisputed Leader in Vendor Risk Management

Evaluating Third-Party Risk Management Software? Speed Up the Process with Our RFP Starter Kit