WEBINAR: Getting Ready for Next-Generation Contract Lifecycle Management

Icertis Privacy Statement

Last Updated: March 1, 2023

This Privacy Statement is effective from the date mentioned above to comply with the European Union’s General Data Protection Regulation (“GDPR”) and the applicable national data protection acts of the relevant member states (including the United Kingdom) as well as the California Consumer Privacy Act of 2018 (“CCPA”) or any other applicable privacy law all as amended from time to time.

Icertis, Inc. and its affiliates and subsidiaries listed on our website (“Icertis”, “we”, “us”, and “our”) are committed to protecting your privacy and providing you with a safe online experience. This Privacy Statement covers the collection, use, and disclosure of personal information collected through the website at www.icertis.com (the “Website”) and limited amounts of personal information processed via the Icertis Contract Intelligence (ICI) Platform (“Platform”). In addition, this Privacy Statement applies to certain data processing purposes as described below. To make this Privacy Statement easier to read, the Website and the Platform are collectively called the “Services.” This Privacy Statement applies where it is referred to, e.g. in electronic communication messages.

In this Privacy Statement “personal information” means information relating to an identified or identifiable natural person, as defined in Art. 4 (1) GDPR. Examples include your name, telephone number, and email address.

In this Privacy Statement “personal information” means information relating to an identified or identifiable natural person, as defined in Art. 4 (1) GDPR. Examples include your name, telephone number, and email address.

Please note that unless otherwise stated herein, this Privacy Statement does not apply to personal information that the Platform processes on behalf of an Icertis subscriber (“Subscriber Data”). The Platform will process Subscriber Data only in accordance with the documented instructions of the Icertis’ subscriber as set forth in the applicable contract we have with the subscriber.

Collection of Your Personal Information

The categories of personal information we collect depend on how you interact with our Services.

  • Customer or Potential Customer.

 If you are affiliated with an Icertis customer or a potential Icertis customer, we may collect personal information such as your name, gender, business e-mail address, job title/job function/role/department, home or work address, telephone and fax number, and other related information. We also might obtain personal information about you from third-party business partners or sources, such as contact information provided by any of our referral partners or publicly available sources. We use this personal information for marketing activities or for Icertis customer and potential Icertis customer support, such as when you submit requests to us or send us emails in the context of our relationship as an actual or potential service provider to you.

  • Authorized User.

 If you are an authorized user of one of our subscribers, we may collect personal information associated with your Platform account such as your name, work email address, and information about how you use the Platform. We use this personal information for account provisioning and to improve our Service.

  • Supplier, Vendor, or Partner.

 If you are affiliated with an Icertis supplier, vendor, or partner, we may collect personal information from you such as your name, gender, business email address, job title/job function/role/department, home or work address, telephone and fax number, banking information (sole trader / independent contractors only) and other related information. We may collect personal information either directly from you or from other sources, such as from business contacts or publicly available sources. We use this personal information either to fulfill a contract with you, to pursue our legitimate interest to maintain a database on our suppliers, vendors, or partner, or in case of consent.

  • Job Applicants.

If you reply to one of the job openings or opportunities we post on our Website or on social media (e.g. LinkedIn), we will collect the personal information contained in your submission such as your maiden name, private email address and private telephone number, employment history, references, certificates, documents, work permit detail (if relevant), date of birth and age. Your personal information may be collected by an independent recruitment agency. We use this personal information to assess your suitability, aptitude, skills, and qualifications for employment with Icertis.

  • Subscriber Data. 

In some cases, our subscribers may permit us to process personal information contained in Subscriber Data documents the Platform processes on their behalf such as name and business email address, job function. We use this personal information to pursue our legitimate interest to improve and optimize Icertis’ offerings, provide information to machine learning mechanisms, and generate internal industry-relevant analyses through the use of algorithms.

  • Automatic Data Collection. 

When you interact with our Services online, we may automatically collect personal information about your device, including its hardware and software. This personal information can include your IP address, browser type, domain names, access times and referring website addresses, and other personal information about how you use the Services. We use this personal information to ensure network and information security, to market Icertis’ products and services, and to provide general statistics and analytics regarding the use of the Services according to our legitimate interests.

Use of Your Personal Information

Icertis collects and uses your personal information for a variety of business purposes, including:

To provide the Services or Information Requested, such as:

  • Fulfilling our contract with you or the organization on whose behalf you use the Services;
  • Managing your information and account;
  • Responding to questions, comments, and other requests;
  • Processing payment card and/or other financial information to facilitate your use of the Services;
  • Providing access to certain areas, functionalities, and features of our Services;
  • Answering requests for customer or technical support; and
  • Allowing you to register for events.

Administrative Purposes, such as:

  • Pursuing legitimate interests, such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention;
  • Contract management/administration (e.g., billing, etc.);
  • Measuring interest and engagement in our Services;
  • Improving the Services;
  • Developing new products and services;
  • Ensuring internal quality control and safety;
  • Authenticating and verifying individual identities;
  • Carrying out audits;
  • Communicating with you about your account, activities on our Services, and Privacy Statement changes;
  • Preventing and prosecuting potentially prohibited or illegal activities;
  • Assessing and recording information about a job applicant’s qualifications in order to decide to whom to offer the position;
  • Enforcing our contracts; and
  • Complying with our legal obligations.

Marketing Our Products and Services

We may use personal information to tailor and provide you with content and advertisements. We may provide you with these materials as permitted by applicable law.

If you have any questions about our marketing practices or would like to opt out of using your personal information for marketing purposes, you may contact us at any time as set forth below.

De-identified and Aggregated Information Use.

We may use personal information and other data about you to create de-identified and/or aggregated information, such as de-identified demographic information, de-identified location information, information about the device from which you access our Services or other analyses we create. De-identified and/or aggregated information is not personal information, and we may use and disclose such information in a number of ways, including research, industry analysis, analytics, and any other legally permissible purposes.

Information Sharing

We will share your personal information with third parties in the ways that are described in this Privacy Statement. Except as set forth in this Privacy Statement, Icertis does not sell, rent or lease its customer lists to third parties.

Affiliates and Service Providers

Icertis may share personal information with affiliates or third-party service providers, to provide services on our behalf (such as to perform statistical analysis, send you email or postal mail, provide customer support or otherwise support our business and the Services). All such third parties are required to maintain the confidentiality of your information.

Authorized Users

In cases where you use our Services as an authorized user on behalf of an organization that is our subscriber (e.g., your employer), that organization may access information associated with your use of the Services including usage and other data. Please note that your information may also be subject to that organization’s privacy policy. Icertis is not responsible for the privacy or security practices of our subscribers.

Other disclosures

Icertis will disclose your personal information if required to do so by law or in the good faith belief that such action is necessary or advisable to: (i) comply with law enforcement or national security requests and legal processes, such as a court order or subpoena; (ii) protect your, our or others’ rights, property, or safety; (iii) to enforce Icertis’ policies and contracts; (iv) to collect amounts owed to us; or (v) prevent financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity.

If Icertis is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, the transition of service to another provider, or sale of all or a portion of its assets, then your personal information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.

International Data Transfers

All personal information processed by us may be transferred, processed, and stored anywhere in the world, including but not limited to, the United States, India or other third countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard your personal information consistent with the requirements of applicable laws. Transfer of personal information to third countries is based on the appropriate standard contractual clauses issued by the European Commission. You may request a copy of the Clauses at any time by contacting us as set forth below.

Use of Cookies

The Website uses “cookies” to help you personalize your online experience. A cookie is a text file that is placed on your local storage (usually your browser’s storage) by a web page server. Cookies are useful to personalize your online experience.

Disabling Cookies. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser preferences to block or restrict them. The “help” portion of the toolbar on most browsers will tell you how to disable and manage your cookies settings. If you disable cookies you may still browse public areas of the Website, but some features and services may not function.

Website Analytics. As is true of most websites, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use automated devices and applications, such as Google Analytics, to evaluate the usage of our Website. We also may use other analytic means to evaluate our Services. We use these tools to help us improve our Services, performance, and user experiences. We may link this automatically-collected data to personal information that can be used to identify you in the real world.

For more information about how Google Analytics uses data, please visit www.google.com/policies/privacy/partners/. You can opt-out of Google Analytics collection and processing of data generated by your use of the Website by going to http://tools.google.com/dlpage/gaoptout.

Advertising. We partner with third parties to either display advertising on our Website or to manage our advertising on other sites. Our third-party advertising partners may use technologies such as cookies to gather information about visitor and customer activities on our Website and other sites in order to provide advertising based upon visitor and customer browsing activities and interests.

You may stop or restrict the placement of these advertising cookies on your device or remove them by adjusting your preferences as your browser or device permits.

The online advertising industry also provides websites from which you may opt-out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these websites and learn more about targeted advertising and consumer choice and privacy,

at www.networkadvertising.org/managing/opt_out.aspwww.youronlinechoices.eu/https://youradchoices.ca/choices/, and www.aboutads.info/choices/.

You must separately opt-out in each browser and on each device. Please note this does not opt you out of being served non-personalized ads on our Website.

For more information about Cookies, the Website uses, please visit our Cookie Policy at https://www.icertis.com/privacy-statement/cookie-policy/

Opt-Out

If you subscribe to our newsletter(s), or if otherwise permitted by law, we will use your name and email address to send promotional material and periodic updates to you. You may choose to stop receiving these communications by following the unsubscribe instructions included in these emails or you can contact us at GlobalDPA@icertis.com.

Do Not Track

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

Our Lawful Basis for Processing

Icertis’ processing of your personal information may be supported by the following lawful bases:

  • Performance of a Contract: Icertis processes personal information where it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract with you.
  • Legitimate Interest: Icertis processes personal information to further its legitimate interests but only where its interests are not overridden by your interests or fundamental rights and freedoms.
  • Consent: In some cases, Icertis also relies on your consent to process personal information. You can withdraw your consent at any time, which will not affect the lawfulness of the processing before your consent was withdrawn. If you would like to withdraw your consent, you may contact us at any time as set forth below.
  • Compliance with our Legal Obligations: Icertis processes personal information to comply with its legal obligations.

Data Subject Rights

For purposes of the CCPA, we do not “sell” your personal information.

In accordance with applicable law, you may have the right to request: (i) access to your personal information; (ii) rectification of your personal information; (ii) erasure of your personal information; (iii) restriction of processing of your personal information; (iv) portability of your personal information; (v) objection to the lawfulness of the processing of personal information; (vi) to withdraw your consent; and (vii) to not be subject to a decision based solely on automated processing, subject to certain exceptions prescribed by law.

Access: You have the right to obtain confirmation that we process data related to you and you have a right to a copy of that data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.

Objection: Please note that if you object to the lawfulness of the processing of personal information, this may affect our ability to carry out tasks for your benefit or to conduct business and provide services to the customer, supplier for whom you are acting, or to consider applications of employment applicants and/or hire you. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.

If you would like to exercise any of these rights, please contact us at https://www.icertis.com/company/contact/ or GlobalDPA@icertis.com.

We will process such requests in accordance with applicable laws. To protect your privacy, we will take steps to verify your identity before fulfilling your request.

If you are a California resident, you have the right not to receive discriminatory treatment by Icertis for the exercise of your rights conferred by the CCPA.

If you are a resident of Nevada, you have the right to opt out of the sale of certain personal information to third parties who intend to license or sell that personal information. You can exercise this right by contacting us at GlobalDPA@icertis.com with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A.

Security of Your Personal Information

The security of personal information is very important to us. Icertis uses commercially reasonable efforts to put measures in place that are designed to secure your personal information from unauthorized access, use, or disclosure. We use commercially reasonable efforts to follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. That said, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot guarantee the security of any information you provide to us. To the fullest extent permitted by applicable laws, we do not accept liability for unauthorized access, use, or disclosure. If you have any questions about security on the Website, you can contact us at itsecure@icertis.com.

Retention of Personal Information

We will retain your personal information for as long as your account is active, as needed to provide you with Services and as necessary to comply with our legal obligations, resolve disputes, enforce our contracts, or where there is a legitimate interest pursued by us or a third party that is not overridden by your personal rights and freedoms.

Third-party Links

Our Services may include links to other websites and/or applications whose privacy practices may differ from those of Icertis. If you submit personal information to any of these third-party services, your personal information is governed by their privacy policies. Icertis is not responsible for the privacy statements, content, or practices on third-party websites or applications.

Complaints where we process as a data importer

If you believe that our processing of your personal violates your rights you can lodge a complaint directly with us. To do so, please send your complaint to GlobalDPA@icertis.com.

Supervisory Authority

If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law.

Updates to the Privacy Statement

This Privacy Statement may be amended from time to time, at our sole discretion. If there are any material changes to this Privacy Statement, we will notify you as required by applicable law which may include posting to our intranet, sending an email, or other means.

Contact Information

If you believe that Icertis has not adhered to this Privacy Statement or have questions or if you wish to exercise any of your rights, please contact Icertis at GlobalDPA@icertis.com. Or you can reach us by telephone or mail at the contact information listed at https://www.icertis.com/company/contact/.

EU Representative of Icertis Inc. and its non-EU affiliates
Icertis GmbH
Email: legal@icertis.com
Address:
Skyper Taunusanlage 1
60329 Frankfurt a.M.
Germany

UK Representative of Icertis Inc. and its affiliates
Icertis Group Limited
Email: Legal@icertis.com
Address:
Suite 2 First Floor
10 Temple Back
Bristol BS1 6FL
United Kingdom

Global Data Protection Officer
Email: GlobalDPA@icertis.com
Address:
Icertis Inc.
14711 NE 29th Place
Suite 100
Bellevue WA 98007
USA

Data Protection Officer for Icertis GmbH (Germany)
Name: DMC Datenschutz Management & Consulting GmbH & Co. KG
Email: info@dmc-datenschutz.de
Address:
Belvederestraße 65
50933 Köln
Germany