Introduction: What Is CerteVerus AI and Why Do We Collect Your Information
CerteVerus AI, Inc. (“CerteVerus AI”) collects the business data of our customers and uses that data to create a “digital twin,” a virtual model of the customer based on its data that we use to measure the effect of changes to its business operations, both historically and predictively (the “Modeling and Consulting”). Although we rely on our clients’ business data, personal information is frequently included in that data.
We care about how your personal information is used and shared, and we take your privacy seriously. Please read the following to learn more about our Privacy Policy. By visiting or using the various websites owned and operated by CerteVerus AI under the certeverus.ai domain (the “Websites”), using CerteVerus AI portals and products (the “Portals”), or using and/or accessing other applications, software, or services offered from time to time by CerteVerus AI in connection with the Modeling and Consulting (collectively, the “Services”) in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you hereby consent to our collection, use, and sharing of your information in the following ways.
A. What Does This Privacy Policy Cover?
This Privacy Policy covers our treatment of (1) personally identifiable information, as defined by numerous statutes in the United States (such statutes, the “PII Laws”), (2) information protected by the California Consumer Privacy Act (the “CCPA”) and the California Online Privacy Protection Act (“CalOPPA”), (3) personal information and private information, as defined by the New York Stop Hacks and Improve Electronic Data Security Act (the “SHIELD Act”); (4) personal data, as defined by the European Union General Data Protection Regulation (the “GDPR”), and (5) personal information, as defined by Canada’s Personal Information Protection and Electronics Documents Act (“PIPEDA”, and collectively with the PII Laws, CCPA, CalOPPA, the SHIELD Act, and GDPR, the “Privacy Laws”) (collectively, “Personal Information”), which we gather as part of providing the Services, as described in more detail below.
This policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.
B. What Information Does CerteVerus AI Collect?
CerteVerus AI does not collect Personal Information indiscriminately. We limit the type of Personal Information and the amount of Personal Information to what is necessary to fulfill the purposes identified in this Privacy Policy. With that in mind, we collect the following types of information.
1. Personal Information Provided to Us
CerteVerus AI’s customers provide information about their business operations employees, and business development activities so that we may provide the Services. Frequently, our customers collect or manage this information in applications such as Salesforce, Yelp, and Zocdoc (collectively, “Business Applications”). The information our customers provide to us includes: names, contact information (including home address, work address, email address, fax number, and phone number), date of birth, demographic information (including age, gender, household income, and marital status), family information (including name, age, gender, date of birth, contact information, marital status, insurance information for, and data concerning the health of a partner or spouse, children, and other family members), information related to an individual as a business contact or referral source (including job title, employer information, history of communications with our customers, history of the individual’s business transactions with our customers, and other people the individual knows or has referred to our customers), social media profile and activity, public reviews and comments, online activity, medical appointment history, work schedule, salary, and benefits provided by employer (including health insurance, life insurance, dental insurance, and extended care insurance). In providing the Services, we do not actively collect the notes or comments of our customers’ employees regarding business operations, other employees, or business development activities and contacts, but we cannot control how those employees enter and categorize the information in Business Applications that we collect. As a result, we may collect the contents of some of those notes and comments.
2. Personal Information You Provide to Us
At times when you interact with the Services, you may provide Personal Information to CerteVerus AI. This information may include: your name, contact information (including home address, work address, email address, and phone number), account credentials (including user name, password, and security questions), communication preferences, and credit card information.
You may communicate with CerteVerus AI through email, mail, in person communications, phone, text, chat, or any other paper and electronic form. When you do so, we may collect your name, contact information (including phone number, email address, work and/or home address), the content of any communication, the metadata associated with any communication, and other such Personal Information. Phone calls may be monitored or recorded.
If you apply for employment, CerteVerus AI may collect or you may choose to provide the following: name, contact information (including phone number, email address, work and/or home address), date of birth, demographic information (like gender, age, household income, nationality, and race and ethnicity), immigration status and documentation, schooling and education information, disability information, recommendations, employment information and history, information from interviews, user name or e-mail address, any other information you may provide to CerteVerus AI, and other such Personal Information.
You can choose not to provide CerteVerus AI with Personal Information. However, doing so will affect our ability to communicate with, provide Services to, employ, or otherwise interact with you.
3. Personal Information Processed Automatically
When accessing or using CerteVerus AI’s Websites, Portals, and applications, certain information may be passively collected using various technologies, such as IP addresses and cookies.
An IP address is a number assigned to a computer by an Internet service provider to access the Internet. In most consumer cases, an IP address is dynamic (changing each time connect to the Internet), not static (unique to a particular user’s computer).
Cookies are small text files that are placed on computers by websites. They are widely used to make websites work more efficiently, and to provide information to the owners of the site. Most web browsers allow some control of cookies through browser settings. CerteVerus AI may collect the following information via cookies: aggregate statistical information, information related to use of the Websites, referring websites, Portals, access times, IP address, device type, domain name, software on your device, and browser type. You may be able to change the preferences on your browser or mobile device to send “do not track” signals or to prevent or limit your device’s acceptance of cookies, but this may change the functionality of the Websites, Portals, or other applications. If you click on a link to a third party website, such third party may also transmit cookies. This Privacy Policy does not cover the use of cookies by any third party.
4. E-mail and Other Communications
CerteVerus AI may communicate with you by email. When we do so, we may receive a confirmation when you open an email, which helps us improve the Services. If you do not want to receive unsolicited marketing email from CerteVerus AI, you can indicate that preference by clicking on the unsubscribe link in a CerteVerus AI email or by contacting CerteVerus AI using the contact information provided below. Please note that, if you do not want to receive emails or notices from CerteVerus AI, those notices will still govern your interactions with CerteVerus AI, and you remain responsible for reviewing and adhering to such notices, including this Privacy Policy and the Terms of Use on the Websites and Portals.
5. Information Purchased from Third Parties
CerteVerus AI purchases the contact information for potential clients from third parties from lead generation services LinkedIn Navigator, Phantom, and Wiza.
6. Special Categories of Personal Information
From time-to-time, CerteVerus AI collects the following special categories of Personal Information: data concerning health, and racial or ethnic origin. With the exception of the previous sentence, and except as otherwise stated in this Privacy Policy, we do not knowingly collect special categories of Personal Information, including (1) Personal Information revealing political opinion, religious or philosophical beliefs, or trade union membership, and (2) genetic data, biometric data, and data concerning a natural person’s sex life or sexual orientation. Where we collect and use such information as a controller (as defined in the GDPR), we will provide you with a form explaining the collection of such Personal Information and requesting your informed consent. Where we collect and use such information as a processor (as defined in the GDPR), we rely on the controller to obtain your informed consent.
7. Personal Information CerteVerus AI Has Collected in the Last 12 Months
Except as excluded in Section B(6), CerteVerus AI has collected all types of Personal Information listed in this Section B in the 12 months immediately preceding the Effective Date of this Privacy Policy.
C. What Does CerteVerus AI Do With Personal Information?
1. Use of Personal Information
CerteVerus AI uses all categories of Personal Information listed above for any and all legal and legitimate businesses purposes, including the following: (a) communicate with individuals; (b) conduct CerteVerus AI’s business operations, including performing research among individuals who interact with or may interact with the Services; (c) provide the Services; (d) operate, maintain, and improve the Websites, the Portals, and other software and applications; (e) evaluate and hire potential employees; (f) prepare and manage events; (g) investigate and resolve disputes and other issues; (h) disclose to third parties as set forth in this Section and Section D; (i) develop aggregate or statistical information to support any of the other purposes listed in this Section, and (j) any other lawful and legitimate business purpose.
2. Storage of Personal Information
Unless noted otherwise in this Privacy Policy, we store and process all electronic Personal Information that we collect in the United States.
D. Will CerteVerus AI Disclose Personal Information?
CerteVerus AI discloses Personal Information to third parties as described below. This Privacy Policy does not govern or apply to any third party that CerteVerus AI does not own.
1. Third Party Service Providers
CerteVerus AI discloses Personal Information to third parties necessary or appropriate to provide the Services, including cloud storage providers and any other third party that an individual requests or authorizes CerteVerus AI to disclose Personal Information about them to or that is necessary or appropriate for CerteVerus AI to disclose Personal Information to in order to provide the Services.
2. Sale of Personal Information
CerteVerus AI does not sell Personal Information.
3. Business Transfers
CerteVerus AI may sell its assets. In these types of transactions, Personal Information is one of the assets transferred. If CerteVerus AI sells all or substantially all of its assets, or if CerteVerus AI goes out of business, enters bankruptcy, or goes through some other change of control, Personal Information would be one of the assets transferred to or acquired by a third party.
4. Legal Obligations, Protection of CerteVerus AI, and Protection of Others
CerteVerus AI will disclose any Personal Information that CerteVerus AI reasonably believes is necessary or appropriate to comply with law or court order, enforce or apply CerteVerus AI’s Privacy Policy, Terms of Use, and other agreements, or protect the rights, property, or safety of CerteVerus AI, our employees, our customers, our users, the public, or others. This includes disclosing Personal Information to third parties for fraud protection and credit risk reduction.
5. Consent
Except as set forth above, we will obtain your consent before disclosing your Personal Information to a third party.
6. Personal Information CerteVerus AI Has Sold to Customers in the Last 12 Months
CerteVerus AI has not sold Personal Information in the last 12 months. CerteVerus does not sell Personal Information.
7. Personal Information CerteVerus AI Has Disclosed to Third Parties in the Last 12 Months
CerteVerus AI discloses Personal Information to third parties in the course of providing Services, as described in this Section. In the course of doing so, except as noted in Section B(6) above, CerteVerus AI has disclosed to such third parties all categories of Personal Information listed in Section B in the 12 months immediately preceding the Effective Date of this Privacy Policy, listed at the bottom of this document.
E. What Are CerteVerus AI’s Legal Bases for Collecting and Using Personal Information?
As relevant, CerteVerus AI collects and uses your Personal Information (1) pursuant to your informed consent, which you have granted by confirming the prompts produced by the Websites, Portals, and other applications, and by continuing to use the Websites, Portals, and other applications, consistent with the Privacy Policy and our Terms of Use, (2) in order to pursue CerteVerus AI’s legitimate business interests, and/or (3) to provide the Services. Any one or more of the bases in the previous sentence are the legal basis for CerteVerus AI’s collection and use of your Personal Information, depending on your use of the Websites, the Portals, other applications, and the Services, and your relationship with CerteVerus AI.
To the extent that you give CerteVerus AI Personal Information about another individual, you will ensure, and hereby represent to CerteVerus AI, that each such other individual has consented to CerteVerus AI’s collection and use of Personal Information about that individual, if and to the extent Privacy Laws require such consent.
F. How Long Will CerteVerus AI Retain Personal Information?
Except upon the request of an individual, as explained in Section G below, and except as the Privacy Laws permit or require otherwise, CerteVerus AI will determine the retention period of any Personal Information based on the following criteria:
1. The nature of our relationship with the relevant customer;
2. The existence of other ongoing or expected projects with the relevant customer;
3. The nature of the Personal Information in question; and
4. Our business needs.
G. What Are Individuals’ Rights With Respect to Personal Information About Them?
Except where permitted or required by Privacy Laws, you have the following rights regarding CerteVerus AI’s collection and use of your Personal Information.
1. Requests to CerteVerus AI
You may request the following from CerteVerus AI with respect to your Personal Information:
(1) The correction, updating, deletion, or restriction of collection and use of your Personal Information;
(2) The categories of Personal Information CerteVerus AI has collected about you;
(3) The categories of sources from which CerteVerus AI has collected your Personal Information;
(4) The envisaged period for which the Personal Information will be stored, or, if not possible, the criteria used to determine that period;
(5) The business or commercial purpose(s) for collecting and disclosing your Personal Information;
(6) An account of how CerteVerus AI has used or is using your Personal Information;
(7) A copy of your Personal Information retained by CerteVerus AI, to be delivered in a structured, commonly used and machine readable format to review or to transfer or transmit to another entity without hindrance, to the extent that that is technically feasible;
(8) The categories of third parties with whom CerteVerus AI shares your Personal Information;
(9) The categories of your Personal Information that we have shared with third parties, including customers, and the categories of third parties to which we have shared each particular category of Personal Information;
(10) A list of all third parties that have received your Personal Information from CerteVerus AI; and
(11) The specific pieces of Personal Information CerteVerus AI has collected about you.
If you request that your Personal Information be erased or deleted or that CerteVerus AI otherwise restrict its collection and use of Personal Information, CerteVerus AI may terminate or limit your access to the Websites, Portals, other applications, and the Services. If CerteVerus AI has not collected or used your Personal Information, or has not disclosed your Personal Information to another party, CerteVerus AI will inform you of that in response to any of the above requests. Some information may remain in CerteVerus AI’s backup media after erasure or deletion for a period of time. When you request that CerteVerus AI update information, CerteVerus AI may retain a copy of the unrevised information in CerteVerus AI’s records. CerteVerus AI also may use any anonymized aggregated statistical data derived from or incorporating Personal Information after it is updated, erased, or deleted, but not in a manner that would identify you.
We will confirm receipt of all such requests and provide information about how CerteVerus AI will process the request within 10 days of receipt. We will substantively respond to all such requests within 30 days, subject to lawful extension of that period, and there may be a delay in processing a request while we verify that the request is valid and originates from you as opposed to an unauthorized third party. Our verification process varies based on the source and nature of the request, but may include: comparing data in the request against Personal Information we retain; contacting you using other contact information; requesting further information, although we will avoid doing so to the extent possible; and the consideration of certain factors, including the type, sensitivity, and value of your Personal Information, the risk of harm to you posed by an unauthorized request, the likelihood that fraudulent or malicious actors would seek your Personal Information, the manner in which we interact with you, the available technology, and whether the information you have provided to verify your identity is sufficiently robust to protect against fraudulent requests. To the extent permitted by the Privacy Laws, CerteVerus AI retains the right to deny any request if we cannot verify that it originated from you.
CerteVerus AI retains records of all of the above requests and our responses for 24 months, unless otherwise prohibited by the Privacy Laws.
You may make any of the foregoing requests by contacting CerteVerus AI at the contact information in Section P below.
2. Authorized Agent
You may authorize an agent to take any of the acts permitted in this Section G on your behalf. To do so, you must provide written and signed authority to the agent, and written and signed notice to CerteVerus AI that CerteVerus AI may act on such requests by that agent. You may withdraw such authorization at any time by contacting CerteVerus AI at the contact information in Section P below.
3. Withdrawal of Consent
To the extent CerteVerus AI collects and uses your Personal Information pursuant to your consent, you may withdraw your consent at any time by contacting CerteVerus AI at the contact information in Section P below, although such withdrawal does not affect the lawfulness of Company’s use of your Personal Information before such withdrawal. Withdrawal of consent may affect the functionality of the Websites, the Portals, other applications, and the Services.
4. Object or Challenge
You may object to, or otherwise challenge, CerteVerus AI’s collection and use of your Personal Information. You may do either by contacting CerteVerus AI using the contact information in Section P below.
CerteVerus AI will respond within 30 days. Where such objection is received from an individual whose Personal Information CerteVerus AI collects and uses as the processor for a controller (as those terms are defined in the GDPR), CerteVerus AI will inform the controller of the objection within 30 days.
5. Filing a Complaint
Regulatory authorities that oversee the Privacy Laws typically advise individuals to file an objection or challenge with the company before lodging a formal complaint with a regulatory authority. If an individual is dissatisfied with CerteVerus AI’s response to an objection or challenge filed under Section G(4), or wishes to file a complaint with a regulatory authority first, the individual may do so, including as follows:
PIPEDA: Office of the Privacy Commissioner of Canada;
GDPR: a supervisory authority in the relevant European Union member state;
CCPA: California Attorney General; and
PII Laws: the relevant states’ Attorney General’s office.
6. Prohibit Automated Processing
At your request, CerteVerus AI will terminate any automated decision making, including profiling, that is the sole source of decisions that produce a legal effect concerning or similarly significantly affecting you. Consistent with Section M, CerteVerus AI does not use any such automated decision making or profiling at this time.
7. Accessibility for Users with Disabilities
If you are unable to review this Privacy Policy or any portion of this Policy, please contact CerteVerus AI using the contact information provided in Section P to request that CerteVerus AI provide this Privacy Policy in an alternative format.
8. Non-Discrimination
CerteVerus AI will not discriminate against you because you have exercised any of the rights above or any other rights you retain pursuant to the Privacy Laws, including, but not limited to by:
1. Denying goods or services to you;
2. Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
3. Providing a different level or quality of goods or services to you; and
4. Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
Consistent with the Privacy Laws, CerteVerus AI: (i) retains the right to charge you a different price or rate, or provide a different level or quality of goods or services to you, if that difference is reasonably related to the value provided to CerteVerus AI by your Personal Information; (ii) may offer financial incentives, including payments to you as compensation, for the collection, disclosure, or deletion of your Personal Information; (iii) may enter you into a financial incentive program only if CerteVerus AI clearly describes the material terms of the financial incentive program, so long as you give CerteVerus AI prior opt-in consent, which you may revoke at any time; and (iv) shall not use financial incentive practices that are unjust, unreasonable, coercive, or usurious in nature.
H. What Are CerteVerus AI’s Financial Incentives?
CerteVerus AI does not offer any financial incentives for providing Personal Information.
I. Is Personal Information Secure?
CerteVerus AI employs reasonable and appropriate technological, physical, and administrative measures to safeguard the confidentiality, integrity, and availability of Personal Information. Individuals seeking additional information about such safeguards may contact CerteVerus AI using the contact information in Section P below.
The Websites, the Portals, and other applications may contain links to other sites and third party content. CerteVerus AI is not responsible for the security or privacy provided by such third parties.
J. Personal Information From Children Under 18
CerteVerus AI does not knowingly collect or use Personal Information from anyone under the age of 18 without first obtaining verified parental consent. With regard to the Personal Information we receive from our customers, we rely on our customers to obtain all required verified parental consent.
If an individual is under the age of 18, the individual may not register or attempt to register for an account on the Website or Portals, retain CerteVerus AI to provide any Services, or give any information to CerteVerus AI. If and to the extent CerteVerus AI learns that it has collected or used Personal Information from a child under age 18 without verified parental consent, CerteVerus AI will either delete that Personal Information or obtain verified parental consent to collect and use that Personal Information as described in this Privacy Policy. If you believe that CerteVerus AI has received any Personal Information from a child under age 18 without first obtaining verified parental consent, please contact CerteVerus AI using the contact information provided below.
K. Contractual or Statutory Requirements
Except as noted in this Privacy Policy or any contract governing the Services that CerteVerus AI provides, CerteVerus AI’s collection and use of Personal Information is not a contractual or statutory requirement or a requirement necessary to enter into a contract.
L. Failure to Provide Personal Information
You can always opt not to disclose information to CerteVerus AI. If and to the extent you elect to do so, that decision will affect CerteVerus AI’s ability to communicate with, provide Services to, employ, or otherwise interact with you.
M. Automated Decision Making
CerteVerus AI does not rely on automated decision making, including profiling, that will produce legal effects concerning or similarly significantly affecting any individual. Pursuant to Article 4(4) of the GDPR, profiling is defined as “any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse [sic] or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior [sic], location or movements.”
N. Transfer of Data
If and to the extent that CerteVerus AI transfers Personal Information from another country into the United States, CerteVerus AI does so in compliance with the Privacy Laws of the originating country.
O. Changes to Privacy Policy
CerteVerus AI may amend this Privacy Policy from time to time. Use of Personal Information we collect now is subject to the Privacy Policy in effect at the time such information is used. If we make changes in the way we use Personal Information, we will notify you by posting an announcement on the Websites or sending you an email. You are bound by any changes to the Privacy Policy when you use the Websites, Portals, other applications, or the Services after such changes have been first posted.
P. Contact Information
All questions, concerns, or requests about or under this Privacy Policy or about CerteVerus AI’s collection and use of Personal Information should be directed to CerteVerus AI as follows:
support@certeverus.ai
978-448-0365
Q. Effective Date
This Privacy Policy is effective as of September 30, 2020.
