Echo360 PolicIES

Last Updated on October 1, 2024

PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND HOW WE TREAT YOUR PERSONAL INFORMATION AND WHAT CHOICES AND RIGHTS YOU HAVE IN THIS REGARD. IF YOU DO NOT AGREE WITH THE TERMS AND CONDITIONS OF THIS POLICY, YOU SHOULD NOT ACCESS OR USE OUR SITE AND PLATFORM OR ENGAGE IN COMMUNICATIONS WITH US.

Turning Tech Intermediate, Inc. d/b/a Echo360 and is wholly owned subsidiaries and affiliates (“Echo360,” “we,” “us,” or “our”) is strongly committed to protecting the privacy and security of the personal information we collect, use, share, and otherwise process as part of our business. We also believe in transparency, and we are committed to informing you about how we treat your Personal Information. We have established this Privacy Policy (the “Policy”) to inform you about the privacy practices that we apply to personal information and inform you about your rights and choices in this regard.

Personal Information means any information or set of information, whether alone or in combination with other Personal Information, processed by us, which is sufficient to identify an individual (“Personal Information”). Personal Information does not include information that is anonymous, nor does it include publicly available information that has not been combined with non-public Personal Information. For Personal Information (or Personal Data) originating from or processed in the EEA, as defined below, those terms shall have the meaning given to it in the “Rights of EU/EEA Residents” and “International Data Transfers” sections of this Policy.

What processing activities are covered by this Policy?  This Policy applies to the processing of Personal Information or Personal Data when you visit our websites https://www.echo360.com/ or https://www.inkling.com/ and any features, subdomains, content, functionality, services, media, applications, or solutions offered on or through our websites (collectively referred to as the “Sites” or singularly, as the  “Site”).  By accessing and using the Site, or by otherwise signaling your agreement when the option is presented to you, you consent to the collection, use and disclosure of information as described in this Policy. This Policy only governs the Site, and it does not govern off-line data collection, or any other website or service operated by third parties that do not specifically refer to this Policy. Any materials submitted through the Site and your use of the Site are subject to the our Terms and Conditions: https://echo360.com/terms-and-conditions/ or the Inkling Terms of Use: https://www.inkling.com/terms/, respectively.

“Processing” shall mean any operation or set of operations that is performed upon Personal Information or Personal Data or sets thereof, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction and the verb “to process” shall be construed accordingly.

Who is responsible for your personal information? If you are a user in the European Union (“EU”) or European Economic Area (“EEA”), for purposes of the EU General Data Protection Regulation 2016/79 the “GDPR”), we act as a data controller with respect to the Personal Data described in this Policy.  In this role, we are responsible for implementing the applicable data protection principles and for safeguarding Personal Data.  We also recommend you consult the “Rights of EEA Residents” and “International Data Transfers” sections of this Policy for more information about provisions that may apply to you.

When processing personal information, we shall follow these principles:

• Our endeavors to inform persons whose Personal Information we collect, in accordance with applicable law, when those persons are first asked to provide personal information to us, or as soon as practicable thereafter. This includes providing information about (i) the purposes for which we collect and use the Personal Information, (ii) the types of third parties to which we disclose (or may disclose) that Personal Information, and (iii) the choices and means we offer the subjects of the Personal Information for limiting the use and disclosure of their Personal Information.
• Unless permitted by applicable law, no Personal Information is collected without first obtaining the consent of the individual for the collection, use and disclosure of that Personal Information. In some circumstances the consent for us to collect Personal Information may arise from the nature of the relationship between us and the individual, or an individual’s interaction with us, such as by using our website or engaging in a transaction with us.
• We will collect your Personal Information only for specified and legitimate purposes. The information we collect will be relevant, adequate and not excessive for the purposes for which it is collected.
• We will process your Personal Information in a manner consistent with the purposes for which it was originally collected or to which you have subsequently consented.
• We will take commercially reasonable steps to ensure that your Personal Information is reliable for its intended use, accurate, complete, and, where necessary, kept up-to-date.
• We will not use your Personal Information for direct marketing purposes without giving you an opportunity to “opt-out.”
• We will take appropriate measures, by contract or otherwise, to provide adequate protection for Personal Information that is disclosed to a third party or transferred to another country, including transfers within us.
• When you provide Personal Information to us, you acknowledge that you have read this Policy and, where required under applicable law, consent to the collection, use and disclosure of your Personal Information in accordance with this Policy and other applicable Echo360 and/or Inkling policies. You may, as provided by applicable law, be free to refuse or withdraw your consent.
• We, and third parties on its behalf, as more fully set forth herein, use the Personal Information collected from you for purposes such as, but not limited to, user registration; administering and tracking a purchase, payment, return, warranty or rebate; arranging for services; inviting participation in online surveys; requesting feedback on products and services; and otherwise communicating with you through various channels.

We collect and process the following Personal Information from you for the purposes set forth below.

Category	Types of Data and Purpose
Identity Information	Any factual or subjective information about an identifiable individual, which may include, but not be limited to, first name, last name and email address, as well as profile information that you choose to provide for your profile, such as your username, password, preferences, and other information you provide for your profile.  We will collect this Personal Information with your express consent or as otherwise permitted by applicable law. This information is necessary to enable us to provide you the account you have requested and to maintain the account and your profile.  You may update your account information by editing the information associated with your account. We process Identity Information to provide our Site, to provide our services to you, to honor our terms of use and contracts, to ensure the privacy and security of our Site and services, to maintain our databases and back-ups, to manage our relationships with you, to communicate with you, and to keep records of our communications with you. The legal basis for this processing is consent or, where applicable, our legitimate interests in the proper administration of our Site and business, the proper management of our customer relationships, and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
Contact Information	You may provide to us your first name, surname, title, government ID, type, and number, as well as your email address, physical address, and phone number. We process Contact Information to provide our Site, to provide our services to you, to honor our terms of use and contracts, to ensure the privacy and security of our Site and services, to maintain our databases and back-ups, to manage our relationships with you, to communicate with you, and to keep records of our communications with you. The legal basis for this processing is consent or, where applicable, our legitimate interests in the proper administration of our Site and business, the proper management of our customer relationships, and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
Social Network Information	You may connect with us through a third-party social network, such as Facebook, Twitter, LinkedIn and other networks (each, a “Social Network”). If you choose to do so, we may collect information from your profile on such Social Network, such as your name, username, and email address. In addition, our Site offers features that will allow you to share information from our Site to a Social Network or share information from our Social Network sites. If you decide to use such features, they may allow the sharing and collection of information both to and from such Social Network so you should check the privacy policy of each Social Network before using such features. We process and integrate Social Network Information to provide our Site and services, to manage our relationships with you, to communicate with you, and to keep records of our communications with you. The legal basis for this processing is consent or, where applicable, our legitimate interests in the proper administration of our Site and business and the proper management of our customer relationships.
Cookies and Similar Technologies	When you visit the Site, we collect cookies and use similar technologies as described in the “Cookies and Similar Technologies” section of this Policy. If you choose to disable cookies and similar technologies, some areas and features of the Site may not work properly. Please see the “Cookies and Similar Technologies” section of this Policy for more information. We process Cookies and Similar Technologies to analyze use of the Site and our services, to operate the Site, to serve you the content and functionality you request, to ensure the privacy and security of our Site and services, to develop new services, to enhance your experience, to track visits to the Site, to provide you with a more personal and interactive experience on the Site, and for usage analytics. We rely on your express opt-in consent for the use of marketing, performance, and analytic cookies and similar technologies. The legal basis for processing of strictly necessary cookies is our legitimate interests in the proper administration of our Site and business.
Usage Data	When you visit our Site, we automatically collect information from your browser or device, which includes the date and time of your visit as well as your location, Internet Protocol (IP) address, unique device identifier, language preference, device type, browser type, domain server, access time, referring website, mobile network information, data about which pages you visit, support document searches, features enabled for your account, and interactions with other parts of our Site. We process Usage Data to analyze use of the Site and our services, to operate the Site, to serve you the content and functionality you request, to ensure the privacy and security of our Site and services, to develop new services, to enhance your experience, to track visits to the Site, and to provide you with a more personal and interactive experience on the Site, and for usage analytics. The legal basis for this processing is our legitimate interests in monitoring and improving our Site and services.
Location Information	When you visit our Site, we may determine your approximate location from your Internet Protocol (IP) address. We process Location Information to analyze use of the Site and our services, to operate the Site, to track visits to the Site, to provide you with a more personal and interactive experience on the Site, and for usage analytics.  The legal basis for this processing is our legitimate interests in monitoring and improving our Site and services.
Feedback or Support Inquires, Marketing and Communications Preferences	If you provide us with feedback or respond to surveys, we will collect your name, email address, phone number, marketing preferences, communications preferences, and any written correspondence or comments provided by you. We process Feedback or Support Inquiries to operate the Site and services, to manage our relationships with you, to improve our customer service, to communicate with you, and to keep records of our communications with you.  The legal basis for this processing is consent or, where applicable, our legitimate interests in the proper administration of our Site and business, the proper management of our relationships, and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
Contact Us Data	If you contact us, we collect your email address and the content of your correspondence to us. We process Contact Us Data to operate the Site and services, to ensure the privacy and security of our Site and services, to maintain our databases and back-ups, to manage our relationships with you, to improve our customer service, to communicate with you, and to keep records of our communications with you. The legal basis for this processing is consent or, where applicable, our legitimate interests in the proper administration of our Site and business, the proper management of our relationships, and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.

 

Additional Personal Data We May Collect:

Payment Data. If you sign up for Paid Services, we receive a portion of your payment information from our payment processor (such as the last four digits, the country of issuance and the expiration date of the payment card) and we ask you to select your jurisdiction.

Communications Data. The emails and other communications that you send us or otherwise contribute, such as customer support inquiries or posts to our customer message boards or forums. Please be aware that information on public parts of our sites is available to others. We may also collect information you share with us in connection with surveys, contests or promotions.

Sub-Domain Data. Information from your use of our services or users’ sub-domains. This may include: IP addresses, preferences, information about your browser, network or device (such as browser type and version, operating system, internet service provider, preference settings, unique device IDs and language and other regional settings), information about how you interact with the Services and our Users’ sub-domains (such as timestamps, clicks, scrolling, browsing times, searches, transactions, load times, and problems you may encounter, such as loading errors).

Partner Information. Information we get from our partners to support our marketing initiatives, improve our services and better monitor, manage and measure our ad campaigns, such as details about when our partner shows you one of our ads on or via its advertising platform.

Third-Party Services. Other information you submit to us directly or through third-party services if you use a third-party service to create an Account (based on your privacy settings with such third-party service).

Invite A Friend.  Users may invite and share or gift content to other users.  Users are asked to provide the friend’s email address so that we may fulfil your request to invite or share or gift content with the other user.  If you submit any Personal Information about other people to us or to our service providers, you represent that you have the authority to do so and to allow us to use their Personal Information in accordance with this Privacy Policy (for example, by asking for their consent).

Is entry of personal information required? The entry of Personal Information is required to access certain portions of the Site.  You may choose not to provide us with any Personal Information and may still access certain portions of the Site but will not be able to access any portions of the Site that require your Personal Information.

In addition, where we need to process your Personal Information either to comply with law, or to perform the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with the functionalities of the Site).  In this case, we may have to stop you from using our Site and terminate the contract you have with us. We will notify you if this is the case at that time.

Aggregated Data. We also collect, use and share “Aggregated Data” such as statistical or demographic data for any purpose. Aggregated Data may be derived from your Personal Information, but once in aggregated form it will not constitute Personal Information for the purposes of the GDPR as this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your Personal Information so that it can directly or indirectly identify you, we treat the combined data as Personal Information which will be used in accordance with this Privacy Policy.

No Special Categories of Personal Information.  We do not require, request or track any “Special Categories of Personal Information” or “Sensitive Personal Information” about you, including but not limited to, details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, status as transgender or non-binary, status as a victim of crime, or citizenship or immigration status, precise location data, children’s data, genetic and biometric data, political opinions, trade union membership, and information about your health, your financials, credit history, birth date, social security number or other government issued identification number.  Nor do we collect any information about criminal convictions and offenses. None of this type of information is required for use of the Site or our services. Any entry of this information is at your sole and voluntary risk and Echo360 shall bear no responsibility and have no liability therefor.

No Protected Health Information.  We do not collect, store, maintain, or use any Protected Health Information (“PHI”) as that term is defined in the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), or any other type of health information as defined under any state, federal or foreign laws.  You are expressly prohibited from entering, submitting, disclosing, or otherwise providing any PHI through or by the Site and the user of our services; any violation of this section is at your sole and voluntary risk and Echo360 shall bear no responsibility and have no liability therefor.

Other Processing Activities. We may process any of the Personal Information identified in this Policy for any of the following purposes:

• Provision of our services and products. Create and manage your account, provide and personalize our services, process payments and respond to your inquiries.
• To protect your vital interests.
• Communicating with you. To respond to communications, reach out to you about your transactions or account, market our products and services, provide other relevant information, or request information or feedback. From time to time, we may use your Personal Information to send important notices, such as communications about purchases and changes to our terms, conditions, and policies. Because this information is important to your interaction with us, you may not opt out of receiving these important notices.
• Surveys and contests. Administer surveys, contests and other promotions.
• Customizing the services. Provide you with customized services. For example, we use your location information to determine your language preferences or display accurate date and time information. We also use cookies and similar technologies for this purpose.
• Improving our Services. Analyze and learn about how the services are accessed and used, evaluate and improve our services (including by developing new products and services and managing our communications) and monitor and measure the effectiveness of our advertising. We usually do this based on anonymous, pseudonymized or aggregated information which does not focus on you individually. For example, if we learn that most users of paid services use a particular integration or feature, we might wish to expand on that integration or feature.
• Security and Fraud Protection. To protect individuals, employees, and us and for loss prevention and to prevent fraud, including to protect individuals, employees, and us for the benefit of all our users, and prescreening or scanning uploaded content for potentially illegal content, including child sexual exploitation material.
• Third-party relationships. Manage our vendor and partner relationships including determining when and how to advertise on third party sites.
• Enforcement. Enforce our end user subscription agreement and other legal terms and policies.
• Protection. Protect our and others’ interests, rights and property (e.g., to protect our users from abuse).
• Complying with law. Comply with applicable legal requirements, such as tax and other government regulations and industry standards, contracts and law enforcement requests, as well as to keep records of our compliance processes.
• The establishment, exercise, or defense of legal claims, whether in court, administrative, or other proceedings. (The legal basis for such processing is our legitimate interest in the protection and assertion of our legal rights, your legal rights, and the legal rights of others.).
• Because our legitimate interests, or those of a third-party recipient of your Personal Information, make the processing necessary, provided those interests are not overridden by your interests or fundamental rights and freedoms.
• Obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice (the legal basis for this processing is our legitimate interest in the proper protection of our business).
• Purposes that are consistent with, related to and/or ancillary to the purposes and uses described in this Policy for which your personal information was provided to us.

If we need to use your Personal Information for an unrelated purpose, we will update this Privacy Policy and we will explain the legal basis which allows us to do so.

We do not use Personal Information for making any automated decisions affecting or creating profiles other than as described herein.

Marketing Communication Preferences:  We process your Personal Information to contact you with information regarding services that may be of interest to you. You can ask us to stop sending you marketing messages at any time by following the update email preferences or unsubscribe links on any marketing message sent to you or by contacting us at any time using the contact details in the Contact Us section. Please note that we may still find it necessary to communicate with you regarding your use of the Site.

Google API Services Compliance

We utilize certain Google API Services including, but not limited to, Google Classroom, in connection with the EchoPoll service we provide to you.  Our Site’s use and transfer of information received from or provided to Google APIs will adhere to Google API Services User Data Policy, found at the following link: https://developers.google.com/terms/api-services-user-data-policy, including its Limited Use requirements as set forth in the Limited Use section of this policy.  Specifically, we collect certain data from you via surveys, questionnaires, and quizzes provided through EchoPoll and we provide that data to Google API for the purpose of data analytics, and to support our continued provision and enhancement of services to you, in addition to the identified Processing Activities listed in “Other Processing Activities”.

End Users Personal Information

Our customers may establish a sub-domain using services and are responsible for what they do with the Personal Information they collect about their End Users.  This section is directed to such customers.

If you are one of our Users, you may collect Personal Information about your End Users. For example, you may ask your End Users to provide their name, and email address in order to establish an account for them. You are solely responsible for complying with any laws and regulations that apply to your collection and use of your End Users’ information, including Personal Information you collect about them.

You may choose to publish your own privacy policy and comply with them. We are not liable for your relationship with your End Users or how you collect and use Personal Information about them (even if you collect it through the use of our functionality) and we will not provide you with any legal advice regarding such matters nor will we defend or represent you in any way with regard to any disputes with your End Users.

How and When Is Your Information Shared With Other Parties? We may share your information in the following contexts, but we will not share your Personal Information if such sharing is prohibited by applicable privacy and data protection law. We do not sell, trade or license Personal Information about our users for marketing purposes.

Where permitted by applicable law, we may share your Personal Information in the following contexts. If we are acting as a data processor, disclosures in the following contexts will be limited in accordance with the instructions from the data controller.

Category	Context
Corporate Affiliates	We may share your Personal Information with our corporate subsidiaries and affiliates and with their respective officers, directors, employees, accountants, attorneys and agents.
Service Providers	We may share your Personal Information with our contractors, service providers, and other third parties that need access to your information to provide operational or other support services on our behalf.  Among other things, service providers help us to administer the Site; support our provision of services requested by you; send marketing promotions and communications to you about our services; provide payment processing; provide technical support; and assist with other legitimate purposes permitted by law.
Legal Obligations and Rights	We may disclose your Personal Information in response to subpoenas, warrants, court orders or other legal process, or to comply with relevant laws.  We may also share your Personal Information in order to establish or exercise our legal rights, to defend against a legal claim, and to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our Terms of Use or other contracts.  We may also disclose Personal Information as needed to protect vital interests.
Acquisitions and Similar Transactions	We may share your Personal Information in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our company assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us is among the assets transferred.
Disclosures with Consent	We may share your Personal Information to fulfill the purpose(s) disclosed by us when you provided your Personal Information and for which you have provided consent.  We may further ask if you would like us to share your Personal Information with other unaffiliated third parties who are not described elsewhere in this Policy. We will only disclose your Personal Information in this context with your consent.
De-identified or Aggregated Data	We may disclose aggregated information about our users, and information that does not identify any specific individual, such as groupings of demographic data or customer preferences, for new services and marketing development.
Professional Advisors	We may share your Personal Information with our insurers and other professional advisors, including attorneys and accountants, that need access to your information to provide operational or other support services on our behalf.
Process Payments	We may disclosure your identity data and payment data via an encrypted connection to our payment processor.

 

We retain and use your Personal Information for as long as is necessary to fulfill the purposes for which it was collected, to comply with our business requirements and legal obligations, to resolve disputes, to protect our assets, to provide our services, and to pursue legitimate business purposes, to enforce our agreements.

We take reasonable steps to delete the Personal Information we collect when (1) we have a legal obligation to do so, (2) we no longer have a purpose for retaining the information, and (3) if you ask us to delete your Personal Information, unless we determine that doing so would violate our existing, legitimate legal, regulatory, dispute resolution, contractual, or similar obligations. We may also decide to delete your Personal Information if we believe it is incomplete, inaccurate, or that our continued storage of your Personal Information is contrary to our legal obligations or business objectives.

To the extent permitted by law, we may retain and use anonymous, de-identified, aggregated information for performance reporting, benchmarking, and analytic purposes and for product and service improvement.  When we delete data, it will be removed from our active servers and databases; but it may remain in our archives when it is not practical or possible to delete it.

We are required by law to maintain records of consumer requests submitted under the California Consumer Privacy Act and how we responded to such requests for at least twenty-four (24) months.  We only use this information for recordkeeping purposes.  If you are a resident of California, please see the California Residents section for more information.

We have put security measures in place to protect the Personal Information that you share with us from being accidentally lost, used, altered, or disclosed or accessed in any unauthorized manner.  From time to time, we review our security procedures to consider appropriate new technologies and methods.

While our security measures seek to protect the Personal Information in our possession, no security system is perfect, and no data transmission is 100% secure.  As a result, while we strive to protect your Personal Information, we cannot guarantee or warrant the security of any information you transmit to or from the Site. Your use of the Site is at your own risk.  We cannot guarantee that your data will remain secure in all circumstances.

We have implemented reasonable security measures to detect fraudulent identity-verification activity and to prevent the unauthorized access to or deletion of Personal Information.  Our information security program is based on the internationally recognized standards of ISO 27001 and AICPA SOC2 (SSAE 18). Our key business systems are GDPR, CCPA, and CPRA compliant and certified as SOC2 compliant. Systems and processes have been scrutinized for limiting access to only required personnel, and the proper protections and restrictions to physical accessibility have been implemented to secure your Personal Information from accidental loss and from unauthorized access, use, alteration or disclosure.  We use reasonable security measures when transmitting Personal Information to consumers in responding to requests under the California Consumer Privacy Act.

The safety and security of your Personal Information also depends upon you.  Where you use a password for access to restricted parts of the Site, you are responsible for keeping your password confidential.  Do not share your password with anyone.

If a data breach compromises your Personal Information, we will notify you and any applicable regulator when we are required to do so by applicable law.

Please use the “Contact Us” details at the end of this Policy to exercise your rights and choices under this Policy.  If you would like to manage, change, limit, or delete your Personal Information nor if you no longer want to receive any text message or email contact from us in the future, such requests may be submitted via the “Contact Us” details at the end of this Policy.

Communication Preferences. If you no longer wish to receive communications from us via email, you may opt-out of certain types of communications (as described below) by clicking the “unsubscribe” link at the bottom of our emails or by contacting us at the “Contact Us” details provided at the end of this Policy and providing your name and email address so that we may identify you in the opt-out process.  Once we receive your instruction, we will promptly take action.

• Communications Regarding Our Services. We will send you email notifications and free newsletters from time to time with offers, suggestions and other information. You may “opt-out” from receiving such communications by following the “Unsubscribe” instructions provided in the email.
• Legal or Security Communications.We also send out notices that are required for legal or security purposes. For example, certain notifications are sent for your own protection. In other cases, these notifications involve changes to various legal agreements, such as this Policy or the Terms of Service. Generally, you may not opt out of such emails.
• Account and Order Communications. If you subscribe to our services, we may send you communications regarding such services. We may also send communications providing customer support or responses to questions regarding the operation of the services. Generally, you may not opt out of such emails
  
  

Cookies.  A “cookie” is a small file created by a web server that can be stored on your device (if you allow) for use either during a particular browsing session (a “session” cookie) or a future browsing session (a “persistent” or “permanent” cookie). “Session” cookies are temporarily stored on your hard drive and only last until they expire at the end of your browsing session. “Persistent” or “permanent” cookies remain stored on your hard drive until they expire or are deleted by you. Local shared objects (or “flash” cookies) are used to collect and store information about your preferences and navigation to, from, and on a website. First-party cookies are set by the website you’re visiting, and they can only be read by that site. Third-party cookies are set by a party other than that website.

First and Third-Party Cookies.  Our Site use 1st party cookies (set by us), 3rd party cookies (which are set by third parties), and other similar technologies. First party cookies are set by us.  Third party cookies are set by third parties when you access some content or applications, including advertisements, on our Site. These third parties include advertisers, ad networks and servers, content providers, application providers, and social media sites. Unless you set your browser to refuse cookies as described below, these third parties may use cookies (alone or in conjunction with web beacons or other tracking technologies) to collect information about you when you access our Site. The information they collect may be associated with your Personal Information or they may collect information, including Personal Information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising and other targeted content. We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about advertisement or other targeted content, you should content the responsible provider directly. Below is a list of the different types of cookies that we use on our Site.

Essential Cookies and Similar Technologies. Essential cookies and other similar technologies used by us enable you to navigate the Site and use their services and features. Without these essential cookies, the Site will not perform correctly, and we may not be able to provide the Site to you or provide you with certain services or features of our Site.

Preference Cookies and Similar Technologies. Preference cookies collect information about your choices and preferences and allow us to remember language and other local settings and to customize our Site accordingly.

Social Media Cookies and Similar Technologies. Social Media cookies and other similar technologies used by us collect information about your use of social media websites.

Other Similar Technologies.  In addition to cookies, there are other automatic data collection technologies, such as Internet tags, web beacons (clear gifs, pixel tags, and single-pixel gifs), and navigational data collection (log files, server logs, etc.) that can be used to collect data as users navigate through and interact with a website. For example, web beacons are tiny graphics with unique identifiers that are used to understand browsing activity. In addition, UTM codes are strings that can appear in a URL when you move from one web page or website to another. The string can represent information about browsing, such as which advertisement, page, or publisher sent the user to the receiving website.

Analytics Cookies and Similar Technologies.  Analytics cookies and other similar technologies used by us collect information about your use of the Site and enable us to improve the way they work and operates. Specifically, analytics cookies provide us with information regarding what the most frequently visited pages on the Site are, help us record and debug any issues you may have with the Site, and show us how effective our advertising is. These analytics cookies do not allow us to see the usage of a single user but does allow us to see overall patterns of usage on the Site. We do not examine this information for individually identifying information, but we do use this information to understand the traffic on our Site.

Advertising Cookies and Similar Technologies. Advertising and other similar technologies used by us cookies are used to display targeting promotions or advertisements based on your use of the Site and interests and to manage our use of advertising resources. These cookies collect information about your activities on this and other sites to provide you with interest-based advertising. You can learn more about interest-based advertisements and your opt-out rights and options from members of the Network Advertising Initiative (“NAI”) on its website (www.networkadvertising.org) and from members of the Digital Advertising Alliance on its website (www.aboutads.info). We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can also opt out of receiving targeted ads from members of the NAI on its website.

Facebook. We use Facebook’s technologies to serve relevant advertisements and to track Facebook ad-driven visitor activity. Facebook Connect also gives you the option to post information about your activities to your profile page to share with others within your network by using a single sign-in service to authenticate your identity. You may learn more about Facebook’s policies by visiting https://www.facebook.com/policy.php, and you can also find instructions for opting out of receiving advertisements via that page.

HubSpot.  We use HubSpot to collect, monitor, and analyze navigational information from your web browser, your IP address, and the actions you take the Site, such as the web pages viewed and the links clicked, to increase the functionality of the Site and our services.  To opt out of HubSpot’s processing of your information for analytics purposes please visit this page: https://privacyportal.onetrust.com/webform/9fd092df-0b2a-4194-89f1-820b83267af4/13da1ce4-8542-4d34-a84c-379495aa666c. For more information on the privacy practices of HubSpot, please visit the HubSpot Privacy Policy web page: https://legal.hubspot.com/privacy-policy.

Google Analytics. We use Google Analytics to collect and process statistical data about the number of people using the Site and to better understand how they find and use the Site. The data collected includes data related to your device/browser, your IP address, and on-site activities to measure and report statistics about user interactions. The information stored is reduced to a random identifier. Any data collected is used in accordance with this Policy and Google’s privacy policy. You may learn more about Google Analytics by visiting https://www.google.com/policies/privacy/partners/ and https://support.google.com/analytics/answer/6004245. You can learn more about Google’s restrictions on data use by visiting the Google Privacy Policy at: https://www.google.com/policies/privacy. To opt-out of Google Analytics, visit https://tools.google.com/dlpage/gaoptout and install the opt-out browser add-on feature. For more details, visit the “Google Analytics opt-out browser add-on” page located at https://support.google.com/analytics/answer/181881?hl=en.

Google Tag Manager. We use Google Tag Manager, which allows marketed website tags to be managed using an interface. The tool itself (which implements the tags) does not use cookies and does not register identifiable data. The tool causes other tags to be activated which may, for their part, register personal data under certain circumstances. Google Tag Manager does not access this information.  Google Tag Manager is subject to the Google Privacy Policy located at https://www.google.com/intl/en/policies/privacy.

Google Marketing. We use Google’s marketing technologies (DoubleClick) to track user activity and to serve personalized advertisements. Your browser is assigned a pseudonymous ID, which is used to track the ads that have been served to your browser and to identify those on which you’ve clicked. The cookies enable Google and its partners to select and display ads based on your browsing behavior. For more information on how Google uses this information, you can visit https://policies.google.com/technologies/ads and https://support.google.com/displayvideo/answer/7621162. To block certain ads served by Google, please visit https://support.google.com/ads/answer/2662922 and https://adssettings.google.com. Google’s Privacy Policy is available at: https://www.google.com/policies/privacy.

Choices About Cookies and Similar Technologies.  You may choose to not allow analytic cookies via the cookies consent banner or you may set your browser to refuse all or some browser cookies or to alert you when cookies are being set.  For more information on how to modify your browser settings to block or filter cookies, visit http://www.aboutcookies.org/.  You may learn more about internet advertising practices and related consumer resources at http://www.aboutads.info/consumers/, http://www.networkadvertising.org/choices, and http://youronlinechoices.eu/.  These settings may affect your enjoyment of the Site’s functionality. Adjusting the cookie settings may not fully delete all of the cookies that have already been created. To delete them, you should review your web browser settings after you have changed your cookie settings. In addition to the above, the links below provide additional information about how to disable cookies or manage the cookie settings:

Google Chrome:           https://support.google.com/chrome/answer/95647?hl=en

Firefox:                        https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Microsoft Edge:            https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09

Safari:                          https://support.apple.com/guide/safari/manage-cookies-sfri11471/mac and https://support.apple.com/en-us/HT201265

Zoom.  Some services that we offer may use Zoom.  When you join meetings and webinars on Zoom, other people or organizations, including third parties outside the meeting or webinar, may be able to see content and information that you share.  Our customers, not us, designates one or more people (called an Admin. User or “Administrator”) to manage the User’s Zoom account.  Administrators may be able to see content and information shared in a Zoom meeting.  You may learn more about Zoom’s policies by visiting https://explore.zoom.us/en/privacy/.

Online Tracking Signals. We do not currently recognize browser settings or signals of tracking preferences, which may include “Do Not Track” instructions. “Do Not Track” is a web browser setting that seeks to disable the tracking of individual users’ browsing activities. We adhere to the standards set out in this Policy and do not currently respond to “Do Not Track” signals on the Site or on third-party websites or online services where we may collect information.

Chatbot Technology. We may use chatbots to help provide customer service and support, including through the use of a virtual assistant powered by artificial intelligence (“AI”) technology.  A chatbot is a software application that mimics human conversations in text and/or voice interactions on our Site.  It enables the natural language communication between a human and a machine, which can take the form of messages or voice commands.  The chatbot is designed to work without the assistance of a human operator.  It responds to questions posed to it in natural language as if it were a real person using a combination of pre-programmed scripts and machine learning/AI algorithms.  While the chatbot aims to offer accurate and helpful responses, its information may not always be exhaustive, up-to-date, or tailored to individual circumstances. If you use our chatbot service, we will collect and may share any Personal Information you provide to us.  We will also create and store the transcript of your chat interaction with us which will be shared and stored with our third-party service provider.  We use these transcripts for our business needs, including quality control, customer service, fraud prevention, and security. We do not assume any liability for actions taken based on the chatbot’s responses.  By using our Site or Services and our chatbot, you acknowledge and agree to these terms.

Accuracy and Updating Your Personal Information. Our goal is to keep your Personal Information accurate, current, and complete. If any of the Personal Information you have provided to us changes, please update it in your user/account profile, or let us know via the “Contact Us” details at the end of this Policy.  For instance, if your email address changes, you may wish to let us know so that we can communicate with you.  If you become aware of inaccurate Personal Information about you, you may want to update your information.  We are not responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.

Complaints. If you believe that your rights relating to your Personal Information have been violated, you may lodge a complaint with us by contacting us via the “Contact Us” details at the end of this Policy.

CCPA and CPRA Notice at Collection. For purposes of the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”), in collecting the information described above, we collect the categories of Personal Information listed below.

CCPA/CPRA Category	Description
Identifiers	When collecting Account Information, we will receive your name, email address, username, and unique personal identifier. When collecting Social Media Information, Feedback or Support Inquiries, and Contact Us Data, we will receive your name and email address. When collecting Social Media Information, we will receive your name and email address. When collecting Cookies and Similar Technologies and Usage Information, we will receive your Internet Protocol (IP) address or unique device identifier. We use Identifiers as set forth in the “How Do We Collect and Use Personal Information” and the “How Do We Share or Disclose Personal Information” sections of this Policy.
Categories of personal information described in the California Customer Records statute	When collecting Account Information, we will receive your name, email address, username, and unique personal identifier. When collecting Social Media Information, Feedback or Support Inquiries, and Contact Us Data, we will receive your name and email address. When collecting Social Media Information, we will receive your name and email address. When collecting Cookies and Similar Technologies and Usage Information, we will receive your Internet Protocol (IP) address or unique device identifier. We use Categories of Personal Information described in the California Customer Records statute as set forth in the “How Do We Collect and Use Personal Information” and the “How Do We Share or Disclose Personal Information” sections of this Policy.
Internet or other electronic network activity information	When collecting Cookies and Similar Technologies and Usage Information, we will receive data about which webpages you visit. When collecting Location Information and Usage Information, we will automatically receive information from your browser and your device, which includes the date and time of your visit as well as your location, Internet Protocol (IP) address, domain server, browser type, access time, and data about which pages you visit. We use Internet or Other Electronic Network Activity Information as set forth in the “How Do We Collect and Use Personal Information” and the “How Do We Share or Disclose Personal Information” sections of this Policy.
Geolocation data	When collecting Cookies and Similar Technologies, Location Information and Usage Information we will receive your geolocation while using the Site. We use Geolocation Data as set forth in the “How Do We Collect and Use Personal Information” and the “How Do We Share or Disclose Personal Information” sections of this Policy.
Audio, electronic, visual, thermal, olfactory, or similar information	We use Audio, electronic, Visual, Thermal, Olfactory, or Similar Information as set forth in the “How Do We Collect and Use Personal Information” and the “How Do We Share or Disclose Personal Information” sections of this Policy
Commercial Information	When collecting Contact Us Data, we will receive your preferred method of contact and the message that you choose to provide. We use Commercial Information as set forth in the “How Do We Collect and Use Personal Information” and the “How Do We Share or Disclose Personal Information” sections of this Policy.
Professional or employment-related information	When collecting Account Information and Contact Us Data, we will receive your work email address, work telephone number, company name, and company address. We use Professional or Employment-Related Information as set forth in the “How Do We Collect and Use Personal Information” and the “How Do We Share or Disclose Personal Information” sections of this Policy.
Inferences	Examples: Derivation of information, data, assumptions, or conclusions from facts, evidence, or another source of information or data) drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

 

Personal Information Collected: As described in this Policy, we have collected the categories of Personal Information listed below during the preceding 12 months:

• Identifiers
• Categories of personal information described in the California Customer Records statute
• Internet or other electronic network activity information
• Geolocation data
• Audio, electronic, visual, thermal, olfactory, or similar information
• Commercial Information
• Professional or employment-related information

Categories of Sources: We have collected the Personal Information identified in this Policy from you directly when you provide it to us, automatically as you navigate through the Site, which may include, but not be limited to, usage details, IP addresses, and information collected through cookies and other tracking technologies, and from our business partners, as applicable.

Business and Commercial Purposes for Collecting: We have collected the categories of Personal Information listed above for the following purposes:

• Operate the Site;
• Provide our services to you;
• Honor our terms of use and contracts;
• Ensure the privacy and security of our Site and services;
• Maintain our databases and back-ups;
• Manage our relationships with you;
• Communicate with you;
• Keep records of our communications with you;
• Analyze use of the Site and our services;
• Serve you the content and functionality you request;
• Develop new services;
• Enhance your experience;
• Track visits to the Site;
• Provide you with a more personal and interactive experience on the Site; and
• Usage analytics purposes.

Personal Information Sold: We have not sold or shared categories of Personal Information during the preceding 12 months.

Personal Information Disclosed for a Business Purpose. We have disclosed for a business purpose the categories of Personal Information listed below during the preceding 12 months:

• Identifiers
• Categories of personal information described in the California Customer Records statute
• Characteristics of protected classifications
• Commercial information
• Internet or other electronic network activity information
• Commercial Information
• Geolocation data

We have disclosed each category of Personal Information to the following categories of third parties: (1) corporate parents, subsidiaries, and affiliates; (2) advisors (accountants, attorneys); (3) contractors and service providers (data analytics, data storage, mailing, marketing, website and platform administration, technical support); and (4) operating systems and platforms.

Personal Information Retention.  We will store your Personal Information for as long as is reasonably necessary to fulfill the purposes described in this Policy or as required by law or our data retention policy.

We do not collect or maintain Personal Information on any minors under the age of 16. We do not knowingly sell or share Personal Information of minors under 16 years old, however, to the extent we knowingly “sell” or “share” as those terms are defined under the CCPA and the CPRA, respectively, the Personal Information of minors under 16 years old who are California residents, we either obtain prior affirmative authorization from such minor to the opt-in to the sale of the minor’s Personal Information or obtain affirmative authorization from the minor’s parent or guardian. A minor, or parent/guardian, who has opted in to the sale of the minor’s Personal information has the right to opt-out at any time. To exercise your right to opt-out see the Right to Opt-Out section below. See also the Submitting a Request and Right to Delete sections with regard to Personal Information of any minors under the age of 16.

We do not offer financial incentives or any price or service difference in exchange for the retention, sale, or sharing of your Personal Information.

 

Under the CCPA and CPRA, you have the right to direct us to stop selling and sharing your Personal Information to third parties and to refrain from doing so in the future. To the extent we sell or share your Personal Information, as those terms are defined in the CCPA and CPRA, respectively, you have the right to opt-out of the sale or sharing of your Personal Information at any time.  You may submit a request to opt-out using the link on our website, or by contacting or us at 1-877-ECHO360 x2 or by email at support@echo360.com or privacy@echo360.com. For purposes of the CCPA and the CPRA, we do not sell or share Personal Information or Sensitive Personal Information as defined under applicable law.

 

The CCPA and CPRA gives consumers the right to request that we (1) disclose what Personal Information we collect, use, disclose, sell, and share and (2) delete certain Personal Information that we have collected or maintain. You may submit these requests to us as described below, and we honor these rights where they apply.

If a request is submitted in a manner that is not one of the designated methods for submission, or if the request is deficient in some manner unrelated to our verification process, we will either (1) treat the request as if it had been submitted in accordance with the designated manner, or (2) provide you with specific directions on how to submit the request or remedy any deficiencies with the request, as applicable. 

Request to Know. As a California resident, you have the right to request: (1) the specific pieces of Personal Information we have collected about you; (2) the categories of Personal Information we have collected about you; (3) the categories of sources from which the Personal Information is collected; (4) the categories of Personal Information about you that we have sold or shared and the categories of third parties to whom the Personal Information was sold or shared; (5) the categories of Personal Information about you that we disclosed for a business purpose and the categories of third parties to whom the Personal Information was disclosed for a business purpose; (6) the business or commercial purpose for collecting, disclosing, selling, or sharing Personal Information; and (7) the categories of third parties with whom we share Personal Information. Our response will cover the 12-month period preceding our receipt of a verifiable request, except as otherwise required by applicable law.

Request to Delete. As a California resident, you have a right to request the erasure/deletion of certain Personal Information collected or maintained by us. As described herein, we will delete your Personal Information from our records and direct any service providers (as defined under applicable law) to delete your personal information from their records. However, we are not required to honor a deletion request if an exemption applies under the law.

Request to Correct.  As a California resident, you have a right to request the correction of certain inaccurate Personal Information collected or maintained by us. Upon receipt of a verifiable request to correct inaccurate Personal Information, we will use commercially reasonable efforts to correct the inaccurate Personal Information as directed by you, pursuant to applicable law.

 

As a California resident, you have a right to request that use and disclosure of Sensitive Personal Information be limited to that use which is necessary to perform the services or provide the goods reasonably expected by a similarly situated consumer and as authorized in accordance with applicable law.  You further have the right to opt-out of the selling or sharing of your Sensitive Personal Information.  See the Right to Opt-Out section for further instructions as to how to Opt-Out. 

Submitting a Request

Submission Instructions. You may submit a request to know or to delete via your Account Page or by email to support@echo360.com or privacy@echo360.com.  Regarding requests to delete, we may present you with the choice to delete select portions of your Personal Information, but a global option to delete all Personal Information will be offered and more prominently presented.

Verification Process. We are required by law to verify the identities of those who submit requests to know or to delete. To determine whether the individual making the request is the consumer about whom we have collected information, we will verify your identity by matching the identifying information provided by you in the request to the personal information that we already maintain about you. As a part of this process, you will be required to provide your full name, account number, address, and telephone number. We will inform you if we cannot verify your identity.

• If we cannot verify the identity of the person making a request for categories of Personal Information, we may deny the request. If the request is denied in whole or in part for this reason, we will provide a copy of, or direct you to, our privacy policy.
• If we cannot verify the identity of the person making the request for specific pieces of Personal Information, we are prohibited from disclosing any specific pieces of Personal Information to the requestor. However, if denied in whole or in part for this reason, we will evaluate the request as if it is seeking the disclosure of categories of personal information about the consumer.
• If we cannot verify the identity of the person making a request to delete, we may deny the request.
• If there is no reasonable method by which we can verify the identity of the requestor to the degree of certainty required, we will state this in our response and explain why we have no reasonable method by which we can verify the identity of the requestor. 

Authorized Agents. Authorized agents may submit requests via the methods identified in this Policy. If you use an authorized agent to submit a request to know or a request to delete, we may require you to: (1) provide the authorized agent with signed permission to do so; (2) verify your identity directly with us; and (3) directly confirm with us that you provided the authorized agent permission to submit the request. However, we will not require these actions if you have provided the authorized agent with power of attorney pursuant to the California Probate Code.

Excessive Requests. If requests from a consumer are manifestly unfounded or excessive, in particular because of their repetitive character, we may either (1) charge a reasonable fee, or (2) refuse to act on the request and notify the consumer of the reason for refusing the request. If we charge a fee, the amount will be based upon the administrative costs of providing the information or communication or taking the action requested.

Time Period to Comply with Requests.  We will disclose and deliver the required information as requested by you pursuant to this Section free of charge, correct inaccurate Personal Information, or delete your Personal Information, based on your request, within 45 days of receiving a verifiable request, but will confirm receipt of your request within 10 business days of receipt of same. We will promptly take steps to determine whether the request is a verifiable consumer request, as set forth herein, but this shall not extend our duty to disclose and deliver the information, to correct inaccurate Personal Information, or to delete Personal Information within 45 days of receipt of the request. However, the time period to provide the required information, to correct inaccurate Personal Information, or to delete Personal Information may be extended once by an additional 45 days when reasonably necessary, provided we provide you with notice of the extension within the first 45-day period.

 

You have the right not to receive discriminatory treatment by us due to your exercise of the rights provided by the CCPA and CPRA. We do not offer financial incentives and price or service differences, and we do not discriminate against consumers for exercising their rights under the CCPA and CPRA.

 

Under California Civil Code Section 1798.83, California residents who provide Personal Information in obtaining products or services for personal, family, or household use may be entitled to request and obtain from us once a calendar year information about the information we shared, if any, with other businesses for direct marketing uses. At present, we do not share your Personal Information with third parties for those third parties’ direct marketing purposes. Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing, if any, will be included in our response. As part of the California Online Privacy Protection Act, all users of our Site may make any changes to their information at any time by contacting us at privacy@echo360.com.

 

You may submit a verified request to us at privacy@echo360.com to request that we not make any sale (as defined under Nevada law) of any covered information (as defined under Nevada law) that we have collected or will collect about you. Please provide your name and contact information in your request, and we will respond to your request in accordance with Nevada law.  However, please know that we do not currently sell data triggering the Nevada statute’s opt-out requirements.

If you are an Oregon resident, you have the right to request the identity of the specific third parties to which you personal data has been disclosed.  Provide your name and contact information in your request, and we will respond to your request in accordance with Oregon law.

 

If you are a resident of Colorado, Connecticut, Florida, Montana, Oregon, Texas, Utah or Virginia, you may have certain privacy rights under the applicable privacy laws in your state (“State Privacy Laws”). This section describes those rights and how you can exercise them with respect to our data practices. 

Rights Requests

Right to Know, Right to Deletion and Right to Correct

You can request what Personal Information we have collected, used, disclosed, and sold.

You can request to correct inaccuracies in your Personal Information, taking into account the information’s processing purpose.

You can opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects including, but not limited to, automated processing performed on personal information to evaluate, analyze or predict personal aspects related to your economic situation, health, personal preferences, interests, reliability, behavior, location or movements (“Profiling”). To submit a request to opt out pursuant to this section, please contact us using the information provided in the Contact Us section of this Policy.  To opt out of cookie-based or digital advertising-based Profiling, please opt out of the selling/sharing of your information for targeted advertising, as described above. Note that if you opt out of profiling, your experience with the Site will be less personalized.

We will not be able to opt you out of Profiling where one of the following exceptions applies:

• Legal: To comply with applicable laws, rules or regulations; to comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by governmental authorities; to cooperate with law enforcement; to investigate, exercise, prepare for or defend actual or anticipated legal claims; or to assist another party with any of its obligations under applicable laws;
• Security: To prevent, detect, protect against, or respond to security incidents, identity theft, fraud, harassment, or malicious, deceptive, or illegal activity; preserve the integrity or security of systems; or investigate, report, or prosecute those responsible for any such action;
• Improvement of Services and Products/Internal use: To conduct internal research to improve, repair or develop products, services or technology;
• Transactional: To provide a product or service specifically requested by you; to complete a transaction with you or to complete a contract we have with you; and
• Public Interest: To protect your vital interests or those of another individual.

You can also request that we delete your Personal Information. We may not delete all of your Personal Information if one of the following exceptions applies:

• Transactional: To complete a transaction for which the Personal Information was collected, provide a good or service requested by you, or perform a contract we have with you;
• Security: To detect data security incidents; preserve the integrity or security of systems; or investigate, report, or prosecute those responsible for any such action;
• Error Correction:  To debug or repair any errors;
• Legal:  To protect against fraud, harassment, malicious or deceptive activities, or illegal activity or to comply with applicable law or a legal obligation, or exercise rights under the law, such as the right to free speech; to assist another party with any of its obligations under applicable privacy laws; or
• Internal Use:  To use your Personal Information, internally, in a lawful manner that is compatible with the context in which you provided the information (i.e., to improve our services).

Right to Appeal

If you are a Colorado, Connecticut, Montana, Oregon, Texas or Virginia resident and we were unable to fulfill your request, you may appeal our request by contacting us using the information provided in the Contact Us section of this Policy within fourteen days of our decision, and submitting an appeal request, with a detailed reason for your appeal, as well as your state of residence.

Retention

We will store your Personal Information for as long as is reasonably necessary to fulfill the purposes described in this Privacy Policy or as required by applicable law.

To exercise any of these rights or to appeal a decision regarding a consumer rights request, please contact us using any of the methods listed in Contact Us section of this Policy.

 

If you are located in Canada, you have the following rights under Canada’s main federal law relating to privacy, the Personal Information Protection and Electronic Documents Act (PIPEDA):

• ask whether we hold Personal Information about you and request copies of such Personal Information and information about how it is processed;
• request that inaccurate Personal Information is corrected;
• request deletion of Personal Information that is no longer necessary for the purposes underlying the processing, processed based on withdrawn consent, or processed in non-compliance with applicable legal requirements; and
• lodge a complaint with us regarding our practices related to your Personal Information.

To exercise any of these rights, please contact us using any of the methods listed in the Contact Us section of this Policy.

 

If you are an individual located in Australia whose Personal Information is collected or held by us at a time when the collecting or holding entity has an ‘Australian link’ within the meaning of the Privacy Act 1988 (Cth) (the “Australian Privacy Law”), you may:

• request access to your Personal Information processed by us;
• seek correction of your Personal Information processed by us;
• make a complaint to us about a breach of the Australian Privacy Law;

by contacting us using any of the methods listed in the Contact Us section of this Policy. 

Prior to providing you with access to, or correcting your, Personal Information, we will seek to verify your identity. We will not charge you a fee for requesting corrections of your Personal Information, however, in some circumstances, we may charge you a fee for providing you access to your Personal Information to cover reasonable administrative costs in locating, copying, and supplying that information to you.

We will investigate any complaint you may have with respect to the handling of your Personal Information and endeavor to resolve any issue to your satisfaction.  If we do not adequately answer your concerns, you will have the right to make a complaint to the Office of the Australian Information Commissioner (OAIC) by phone at 1300 363 992 or completing the OAIC’s privacy complaint form.

 

If you are located in the EU or EEA, you have the following rights under the GDPR. All requests should be sent to the address noted in the “Contact Us” section of this Policy, and we will fulfill requests to the extent required by applicable law.

Personal Data. Under the GDPR, Personal Data is defined as any information relating to an identified or identifiable natural person (“Data Subject”).  A Data Subject is an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

            Collection of Personal Data. Your Personal Data may be collected whenever we:

• interacts with individuals who are prospective and existing customers/suppliers;
• interacts with individuals who are representatives or contact persons of prospective and existing customers/suppliers that are legal entities (e.g., for the selling/ordering of products or for marketing related purposes); or
• uses public databases to facilitate the provision of goods or services (e.g., to link a license plate with car identification information).

Categories of Personal Data Collected.  We may collect:

• basic identification information, such as name, title, position, company name, email and/or postal address and the fixed and/or mobile phone number;
• financial information (e.g., bank account details, credit card information);
• information regarding the status of direct marketing emails (e.g., not delivered, delivered, opened);
• any additional information you voluntarily provide, (e.g., by filling in a form or registering for an email newsletter).

This information may either be directly provided by the above individuals or provided by the legal entity for whom they work (e.g., if they are the contact person designated by their employer to manage the commercial relations with us).

Legal Basis of the Processing.  We are not allowed to process Personal Data if we do not have a valid legal ground. Therefore, we will only process Personal Data if:

• we have obtained your prior consent;
• the processing is necessary to perform our contractual obligations towards you or to take pre-contractual steps at your request;
• the processing is necessary to comply with our legal or regulatory obligations (e.g., tax or accounting requirements); or
• the processing is necessary for our legitimate interests and does not unduly affect your interests or fundamental rights and freedoms. Please note that, when processing your Personal Data on this basis, we seek to maintain a balance between our legitimate interests and your privacy.

Right of Access. To the extent required by law, you have the right to receive confirmation as to whether or not Personal Data concerning you are being processed, and, where that is the case, access to the Personal Data and the following information: the purposes of the processing; the categories of Personal Data concerned; and the recipients or categories of recipient to whom the Personal Data have been or will be disclosed. We will provide a copy of your Personal Data in compliance with applicable law.

Right of Rectification. Our goal is to keep your Personal Data accurate, current, and complete. Please contact us if you believe your information is not accurate or if it changes.

Right to Erasure. In some cases, you have a legal right to request that we delete your Personal Data when (1) it is no longer necessary for the purposes for which it was collected, (2) consent has been withdrawn in certain instances, (3) you have objected to the processing in certain instances, (4) the Personal Data has been unlawfully processed, (5) the Personal Data have to be erased for compliance with a legal obligation; and (6) the Personal Data were collected in relation to the offer of information society services. However, the right is not absolute. When we delete Personal Data, it will be removed from our active servers and databases as well as the Site; but it may remain in our archives when it is not practical or possible to delete it. We may also retain your Personal Data as needed to comply with our legal obligations, resolve disputes, or enforce any agreements.

Right to Restrict Processing. You have the right to restrict the processing of your Personal Data when (1) the accuracy of the Personal Data is contested, for a period enabling the controller to verify the accuracy of the Personal Data; (2) the processing is unlawful and you oppose erasure and request a restriction instead; (3) we no longer need the Personal Data, but you need us to keep it for the establishment, exercise, or defense of legal claims; or (4) you have objected to us processing the Personal Data, pending resolution of the objection.

Right to Object. In certain circumstances, you have the right to object to the processing of your Personal Data where the processing is necessary for performance of a task carried out in the public interest, for our legitimate interests, or for the legitimate interests of others. You also have the right to object where Personal Data are processed for direct marketing purposes or for scientific or historical research purposes or statistical purposes.

Right to Withdraw Consent. If you have provided your consent to the collection, processing, and transfer of your Personal Data, you may have the right to fully or partially withdraw your consent. Once we have received notice that you have withdrawn your consent, in whole or in part, we will no longer process your information for the purpose(s) to which you originally consented and have since withdrawn unless there are compelling legitimate grounds for further processing that override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. Withdrawal of consent to receive marketing communications will not affect the processing of Personal Data for the provision of our services.

Right to Complain. If you believe we have not processed your Personal Data in accordance with applicable provisions of the GDPR, we encourage you to contact us at dpo@echo360.com or privacy@echo360.com.  You also have the right to make a GDPR complaint to the relevant Supervisory Authority or seek a remedy through the courts. A list of Supervisory Authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law.

Because we do business in many countries, Personal Information or Personal Data, as applicable, collected by us in one country may be transferred to, stored, or processed in another country, the data protection, privacy and other laws of which might not be as protective or comprehensive as those in your country. Personal Information or Personal Data, as applicable, gathered in one country may be subject to access by and disclosure to law enforcement agencies of jurisdictions other than the country where the Personal Information or Personal Data was first collected. We also may share Personal Information or Personal Data, as applicable, with organizations and entities that perform services on its behalf, and these organizations and entities may be located in countries other than the country in which the Personal Information or Personal Data was first collected.

We will endeavor to obtain appropriate and reasonably enforceable assurances from third parties, including its subsidiaries and affiliates, to which it discloses or transfers Personal Information or Personal Data that these third parties will safeguard Personal Information or Personal Data, as applicable, in a manner consistent with this Policy. When we become aware that a third party is using or disclosing Personal Information or Personal Data in a manner contrary to this Policy, we will endeavor to take reasonable steps to prevent or stop such use or disclosure. To the extent applicable law requires an individual’s consent before disclosing Personal Information or Personal Data to third parties, we will endeavor to obtain the individual’s consent prior to such transfer. There may be circumstances where we are required to transfer Personal Information or Personal Data without obtaining prior consent, including (i) where required by a court order; (ii) where we believes upon reasonable grounds, that it is necessary to protect the rights, privacy, or safety or property of a person or group of persons; (iii) where it is necessary to establish or collect monies owing to us or to complete a transaction with a third party; (iv) where it is necessary to permit us to pursue available remedies or limit any damages we may sustain; or (v) where the information is public. When we are obliged or permitted to disclose Personal Information or Personal Data, we will endeavor not to disclose more than is required.

Residents of certain countries may be subject to additional protections as set forth below. 

EEA, Swiss, and UK Users

We comply with the EU-US Data Privacy Framework program (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework program (Swiss-US DPF) as set forth by the US Department of Commerce.  We have certified to the US Department of Commerce that we adhere to the EU-US Data Privacy Framework Principles (EU-US DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-US DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-US DPF. We have certified to the US Department of Commerce that we adhere to the Swiss-US Data Privacy Framework program Principles (Swiss-US DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-US DPF. To learn more about the Data Privacy Framework (DPF) program and to view our certification, please visit https://www.dataprivacyframework.gov/. We are committed to subjecting all personal data received from the EU EEA, UK, and Switzerland to the applicable Principles of the Data Privacy Frameworks, including with respect to onward transfers of personal data for which we will remain liable. In compliance with the Data Privacy Framework, we also commit to resolve complaints about our collection or use of your personal data, and individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact us at privacy@echo360.com. If you do not receive timely acknowledgment from us of your complaint or if we have not resolved your complaint, please contact or visit the applicable data protection authorities for more information or to file a complaint. These services are provided at no cost to you. We commit to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

In certain circumstances, each Data Privacy Framework provides EU, Swiss, and UK individuals the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Data Privacy Framework. We are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with respect to its compliance with the provisions of the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. If there is any conflict between the terms in this privacy statement and the EU-US DPF Principles and/or the Swiss-US DPF Principles, the Principles shall govern. If the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF do not apply, we will rely on other data transfer mechanisms to transfer personal data outside the EEA, the UK, and Switzerland, such as Standard Contractual Clauses.

This Policy only applies to the Site, and it does not apply to any third-party websites or applications.

The Site may contain links to, or media and other content from, third-party websites. These links are to external websites and third parties that have their own privacy policies. If you follow any links that direct you away from the Site, including links to social media sites or to other websites, this Policy will not apply to your activity on the other sites you visit. Because of the dynamic media capabilities of the Site, it may not be clear to you which links are to the Site and which are to external, third party websites. If you click on an embedded third-party link, you will be redirected away from the Site to the external third-party website. You can check the URL to confirm that you have left this Site.

We cannot not (i) guarantee the adequacy of the privacy and security practices employed by or the content and media provided by any third parties or their websites, (ii) control the privacy policies or the privacy practices of any third parties regarding their independent collection or use or your personal information, or (iii) endorse any third party information, products, services or websites that may be reached through embedded links on this Site.

We rely on recognized legal bases to lawfully conduct cross-border/international transfers of personal information outside of the EU and EEA, such as your express informed consent to do so (as noted above), when transfer is necessary for us to deliver services pursuant to an agreement between us and you, for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person, or when the transfer is subject to safeguards that assure the protection of your personal information, such as the European Commission’s approved standard contractual clauses.

Any Personal Information provided by you or automatically collected from you by a third party will be governed by that party’s privacy policy and terms of use. If you are unsure whether a website is controlled, affiliated, or managed by us, you should review the privacy policy and practices applicable to each linked website.

The Children’s Online Privacy Protection Act (“COPPA”), as well as other data privacy regulations, restrict the collection, use, or disclosure of personal information from and about children on the Internet. The Site is restricted to the use of adults over the age of majority in their place of residence. No portion of the Site is directed to children under the age of 18, and no one under the age of 18 may access, browse, or use the Site or provide any information to or on the Site. Consequently, we do not knowingly collect Personal Information from any person under the age of 18. If we learn that we have collected Personal Information from a child under age 18 without a parent’s or legal guardian’s consent, we will take steps to stop collecting that information and delete that information as quickly as possible. If you are a parent or guardian of a child under 18 years of age and you believe your child has provided us with Personal Information, please contact us at compliance@Echo360.com. 

For more information about COPPA, please visit the Federal Trade Commission’s website at: https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule.

We reserve the right to add to, change, update, or modify this Policy at any time to reflect any changes to how we treat your information or in response to changes in law. In the event we make changes to this Policy, such policy will be re-posted on this page, with the date such modifications were made indicated on the top of the page. If we make material changes to how we treat your information, we may contact you to inform you about the revisions with a link to the revised Policy or notify you through a notice on the homepage of the Site for a reasonable period of time. All changes are effective on the date listed at the top of this page and will apply to all information that we have about you.

You are expected to, and you acknowledge and agree that it is your responsibility to, carefully review this Policy prior to using the Site, and from time to time, so that you are aware of any changes. Your continued use of the Site or our services after the “Last Updated” date indicates your acceptance of the changes and your continued consent to our processing of your Personal Information according to the terms of the then-current Policy. If at any point you do not agree to any portion of this Policy, then you should immediately stop using the Site and the services. Because this Policy contains legal obligations, we encourage you to review this Policy carefully.

For more information, or if you have any questions concerning this Policy or our information collection, storage and disclosure practices, wish to exercise your rights, or wish to lodge a complaint with us, you may contact us using the information below. Please note, if your communication is sensitive, you may wish to contact us by postal mail or telephone.

In Writing:     Turning Tech Intermediate, Inc., d/b/a Echo360

                        Attn: Privacy Officer/Customer Information

                        6000 Mahoning Ave, Suite 254

                        Youngstown, OH  44515, United States of America

By Email:        privacy@echo360.com

When you contact us, please describe in as much detail as possible the nature of your inquiry. We will investigate your inquiry promptly.

In the event you feel we have not adequately resolved your complaint; we have other recourse mechanisms available to you. If you are a European resident and have a complaint regarding this Policy, please note that the under the GDPR you have the right to contact your local data protection supervisory authority. In other jurisdictions, please refer to your local Data Protection Legislation for other appropriate recourse mechanisms that may be available to you should you have any unresolved complaints regarding this Policy.

The GDPR requires us to appoint a “Data Protection Officer.”  This is a person who is responsible for overseeing and advising us in relation to our compliance with the GDPR (including compliance with the practices described in this Privacy Policy). If you want to contact our Data Protection Officer directly, you can email: dpo@echo360.com.