EFFECTIVE DATE: August 31, 2022
If you are a resident of California, please refer to Section 12. Additional Privacy Information for California Residents below, for information about the categories of personal data we collect and your rights under California privacy laws.
If you are a resident of the UK or EEA, please refer to Section 13: Additional Information for UK/EEA residents.
Except as otherwise noted below, this Policy applies to the personal data we process as a controller or business related to:
Not In Scope. This Policy does not apply to the personal data that we collect and process about our employees and personnel or job applicants and candidates. In addition, this Policy does not apply to the extent we process personal data, as a processor or service provider, on behalf of our Business Clients (“Client Customer Data”). Our processing of Client Customer Data is subject to the terms of our written contracts with each Business Client, who is the controller or business for the Client Customer Data that we process on their behalf. Our Services may contain links to third party sites. Please be aware that we are not responsible for the privacy practices of other sites.
As further described below, we collect personal data directly from individuals, as well as from third parties and automatically related to the use of our Services or other interactions with us.
Personal Data Collected Directly. The personal data we collect from our Business Clients depends upon how they use our Services or otherwise interact or engage with us and includes:
Personal Data from Third Parties. We may collect personal data from third party sources, such as public databases, joint marketing partners, social media platforms or other third parties. We may receive lead and prospect information from third parties about prospective Business Clients that may be interested in our Services. We may also engage with third parties to enhance or update our Business Client information.
Personal Data Collected Automatically. We automatically collect personal data related to the use of our Services and interactions with us and others, including information we collect automatically (e.g., using cookies, pixel tags and other technologies), as well as information we derive from the use of the Services. Such information includes:
Generally, we collect, use and otherwise process the personal data we collect for the following purposes:
Generally, we disclose the personal data we collect in order to provide our Services to our Business Clients, respond to and fulfill orders and requests, as otherwise directed or consented to by you, and for the purposes otherwise described in this Policy, including:
We disclose and make available personal data, for the purposes described above, to:
Aggregate and de-identified information. We may disclose aggregated information derived from our Services and the personal data we collect, that does not identify or refer to any particular individual or Business Client. We may also disclose de-identified information, which is no longer reasonably linkable to an identifiable individual or Business Client, with third parties who have committed not to attempt to re-identify such data. We do not re-identify de-identified information.
We work with third parties, such as ad networks, analytics and measurement services and others to personalize content and to display and manage our advertising on third party sites. Cookies, pixel tags, and other tools are used to collect information within our Services and on third party sites and services for the purposes of providing more relevant ads and content and to evaluate the success of such ads and content.
Ad Preferences. We make available several ways for you to manage your preferences regarding third party advertising and cookies within our Services. Most of these are browser and device specific, which means that you need to set the preference for each browser and device you use; in addition, if you delete or block cookies, you may need to reapply these preferences. Further, opting out of cookies and advertising as discussed below does not mean that you will no longer receive advertising content from us. You may continue to receive generic or “contextual” ads from us.
Custom Lists and Matching. Unless you have opted out, we may share certain hashed Business Client list information (such as your name, email address and other contact information) with third parties so that we can better target ads and content to our users, and others with similar interests, within third party sites, platforms and services. You may opt out of being targeted by us in this manner, as set forth in Section 7. Privacy Choices.
You have certain choices regarding our processing of your personal data. For example:
Residents of certain jurisdictions have additional rights, as set forth in Section 12. Additional Privacy Information for California Residents and Section 13. Additional Information For EEA/UK Residents.
For more information about our privacy practices and your privacy choices, you may contact us as set forth in Section 11. Contact Us.
Our Services are not designed for minors, and we do not knowingly collect personal data from children. If we discover that a minor has provided us with personal data in violation of applicable law, we will delete such information from our systems. If you’re a parent and you believe we have collected your minor’s information in violation of applicable law, please contact us as set forth below, in Section 11. Contact Us.
We have implemented safeguards that are intended to protect the personal data we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee security.
This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any updates to the Policy on our site.
If you have questions about this Policy or our privacy practices, you may contact us at Cordial Experiences, Inc., 402 W Broadway, Suite 700, San Diego, CA 92101, Attn: Privacy Officer or [email protected]
Last Updated: Sept 9, 2022
In this section, we provide additional information to California residents about how we handle their personal data, as required under California privacy laws including the California Consumer Privacy Act, as amended (“CCPA”). This section does not address or apply to our handling of personal data of our employees or applicants (see https://cordial.com/careers/) or that is exempt under the CCPA.
Note that these rights only apply to personal data that we collect and process under this Policy as a business or a controller. For personal data that we process on behalf of our Business Clients in our capacity as a processor or service provider, please submit your request directly to the Business Client, and we will provide reasonable assistance to that Business Client as necessary to enable them to respond to your requests to exercise your privacy rights.
Categories of Personal Data Under the CCPA
While our processing of personal data varies based upon our relationship and interactions with you, in this section we describe, generally, how we have collected, used, shared and disclosed personal data (as defined by the CCPA) about California residents in accordance with the CCPA.
Categories of Personal Data Collected and Disclosed. We have collected the following categories of personal data as a business or controller:
Identifiers: Includes direct identifiers, such as name, user ID, username, account number; unique personal identifier; phone number, email and physical address and other contact information; IP address and other online identifiers.
Business Client Records: Includes personal data, such as name, account name, user ID, contact information, account number, and financial or payment information that individuals who work for our Business Clients provide us in order to purchase or obtain our products and services. For example, this may include information collected when an individual registers for an account, purchases Services, or enters into an agreement with us on behalf of a Business Client.
Commercial Information: Includes browsing history, clickstream data, search history, and information regarding interactions with an internet site, application, or advertisement, including other usage data related to use of any of our Services or other online services.
Audio, visual and other electronic data: Includes audio, electronic, visual, thermal, olfactory, or similar information such as temperature screenings and CCTV or other video footage (e.g., collected from visitors to our offices or online events), photographs and images (e.g., that you provide us or post to your profile) and call recordings (e.g., Business Client support calls).
Professional Information: Includes professional and employment-related information (such as current and former employer(s) and position(s), business contact information and professional memberships).
Inferences: Includes inferences drawn from any of the information identified above to create a profile or segment reflecting preferences, characteristics, behavior or attitudes.
Sources of personal data. In general, we may collect the categories of personal data identified above from the following categories of sources: directly from you; advertising networks; Internet service providers; data analytics providers; government entities; operating systems and platforms; social networks; data brokers; Business Clients; and other users who we notify you of or to which you consent.
Third parties to whom we disclose personal data. In general, we disclose personal data to service providers; affiliates; advisors and agents; regulators, government entities and law enforcement; affiliates and subsidiaries; advertising networks; data analytics providers; social networks; internet service providers, operating systems and platforms; Business Clients; and other users.
Purposes for collecting and disclosing. As described in more detail in Section 3. Purposes of Collection and Processing and Section 4. Disclosures of Personal Data, in general, we collect and process the above personal data for the following business or commercial purposes: Services and support; analytics and improvement; customization and personalization; marketing, advertising and campaign management; planning and managing events; in support of business transfers; research and surveys; security and protection of rights; governance, compliance, legal purposes and obligations; general business; operational support and otherwise upon notice or consent, as applicable.
Retention. We retain the personal data we collect as reasonably necessary for the purposes described above or otherwise disclosed to you at the time of collection. For example, we will retain transactional data for as long as necessary to comply with our tax, accounting and recordkeeping obligations, to provide customer service to our Business Clients, and for research, development and safety purposes, as well as an additional period of time as necessary to protect, defend or establish our rights, defend against potential claims, and for legal purposes.
Sales of personal data. The CCPA also requires that we disclose how we ‘sell’ personal data. Under the CCPA, a ‘sale’ is defined broadly. As such, while we do not disclose personal data to third parties in exchange for monetary compensation, we may, pursuant to the CCPA, sell Internet and electronic network activity information, and identifiers (not including government identifiers), which we may disclose or make available to ad networks, data analytics providers and social networks in support of advertising and campaign management, to analyze use of the Services, to optimize and develop our products and services, to improve and measure our ad campaigns, and to reach users with more relevant ads and content on third party sites and services. We do not, however, knowingly sell or share any personal data about minors under 16 years old.
California Residents’ Rights
CCPA Rights. In general, California residents have the following rights with respect to their personal data, subject to certain exceptions:
Do-not-sell (opt-out): California residents may opt out of sales of their personal data by submitting a request to our preference manager via the "Cookies Settings" or "Do not sell my personal information" (California residents) links, located in the footer on https://cordial.com.
Right of deletion: to request deletion of their personal data that we have collected about them and to have such personal data deleted (without charge), subject to certain exceptions.
Right to know:
Right to correct: the right to request that a business that maintains inaccurate personal data about the resident correct that personal data.
Right to non-discrimination: the right not to be subject to discriminatory treatment for exercising their rights under the CCPA.
Submitting CCPA Requests. California residents may exercise their California privacy rights as set forth below subject to certain exceptions.
Requests to know, access, correct, and delete. California residents may submit requests to know, access, correct, and delete the personal data maintained by us in our role as a business through one of the following methods: logging into their account and emailing us at [email protected]
We will take steps to verify your request including by asking you to log into your account or we will match the information provided by you with the information we have in our records. In some cases, we may request additional information in order to verify your request or where necessary to process your request. If we are unable to adequately verify a request, we will notify the requestor. Authorized agents will be required to provide proof of their authorization, and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.
Requests to Opt Out of Sales. California residents may submit a request to opt out by:
For more information about our privacy practices, you may contact us as set forth in Section 11. Contact Us above.
13. Additional Information For EEA/UK Residents.
Cordial stores and processes personal data using servers located in the United States (“US”). However, certain of our Business Clients and processors may be located in areas outside of the US including in member states of the European Union (“EU”), Switzerland (together the “EEA”) and the United Kingdom (“UK”). As such, your personal data may be transmitted across international borders and processed in the US, which is a different country from that in which it was collected. Because the US may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective), we have implemented appropriate safeguards and international transfer mechanisms such as entering into and complying with Data Processing Agreements that incorporate the EU or UK Standard Contractual Clauses.
In addition, while the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework have been invalidated as a transfer mechanism as set forth by the US Department of Commerce (“Privacy Shield”) for the processing of personal data transferred from the UK, EU member countries and Switzerland to the US, Cordial previously certified and continues to adhere to the Privacy Shield principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, Recourse, Enforcement and Liability (“Privacy Shield Principles”). Therefore, Cordial is subject to the investigatory and enforcement powers of the US Federal Trade Commission. In connection with onward transfers, Cordial has responsibility for the processing of personal data that it receives and subsequently transfers to any third party, who is acting as an agent on Cordial’s behalf. Cordial commits to resolve complaints about the processing of your personal data.
If there is any conflict between the policies in this Policy and the Privacy Shield principles, the Privacy Shield principles shall govern with respect to EU, UK and Swiss individuals. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.
We will conduct regular compliance audits of our privacy practices to verify compliance with the Privacy Shield principles and this Policy. Any questions or concerns about our privacy practices should be sent to the address or email below. We will investigate and attempt to resolve any complaints and disputes regarding the use and disclosure of personal data in accordance with the provisions of this Policy.
In compliance with the Privacy Shield Principles, Cordial commits to resolve complaints about your privacy and our collection or use of your personal data. EU, UK and Swiss individuals with inquiries or complaints regarding this Policy should first contact us either at [email protected] or write to us at: Cordial Experiences, Inc., 402 W Broadway, Suite 700, San Diego, CA 92101, Attn: Privacy Officer.
Cordial has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to BBB EU Privacy Shield, a non-profit alternative dispute resolution provider located in the US and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. The Cordial Services of the BBB EU Privacy Shield are provided at no cost to you. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield panel.
Notice to EU Residents
The following terms, obligations, and rights apply only to individuals residing in the EU, UK or Switzerland if and to the extent we make our Services available to those individuals in our role as a controller.
1. Legal Basis for Processing Information. If you are located in the EU, UK or Switzerland, we rely on several legal bases to process your personal data. These legal bases include where:
If you have any questions about, or would like further information concerning, the legal basis on which we collect and use your personal data, please contact us by emailing [email protected]
2. Rights Under the General Data Protection Regulation. If you are located in the EU, UK or Switzerland, you have the following rights in respect of your personal data that we hold in our role as a controller:
If you wish to exercise one of these rights, please log into your account or email [email protected]. Before acting on your request, we may request additional information to verify your identity. Please note that we may be legally or contractually prohibited from acting on your request, for example, if there is a legal requirement that we retain the personal data. For personal data that we process on behalf of our Business Clients in our capacity as a processor, please submit your request directly to the Business Client, and we will provide reasonable assistance to that Business Client as necessary to enable them to respond to your requests to exercise your privacy rights. To contact our designated Data Protection Officer, please send an email to [email protected]
You also have the right to lodge a complaint with your local data protection authority. Further information about how to contact your local data protection authority is available at https://ico.org.uk/global/contact-us for the UK and https://edpb.europa.eu/about-edpb/about-edpb/members_en for the EU.