Last Updated on October 3, 2023
Personal Information means any information or set of information, whether alone or in combination with other Personal Information, processed by Echo360, which is sufficient to identify an individual (“Personal Information”). Personal Information does not include information that is anonymous, nor does it include publicly available information that has not been combined with non-public Personal Information. For Personal Information (or Personal Data) originating from or processed in the EEA, as defined below, those terms shall have the meaning given to it in the “Rights of EU/EEA Residents” and “International Data Transfers” sections of this Policy.
What processing activities are covered by this Policy? This Policy applies to the processing of Personal Information or Personal Data when you visit our website https://www.echo360.com/ and any features, subdomains, content, functionality, services, media, applications, or solutions offered on or through our website (collectively referred to as the “Site”). By accessing and using the Site, or by otherwise signaling your agreement when the option is presented to you, you consent to the collection, use and disclosure of information as described in this Policy. This Policy only governs the Site, and it does not govern off-line data collection, or any other website or service operated by third parties that do not specifically refer to this Policy. Any materials submitted through the Site and your use of the Site are subject to the Echo360 Terms and Conditions: https://echo360.com/terms-and-conditions/.
“Processing” shall mean any operation or set of operations that is performed upon Personal Information or Personal Data or sets thereof, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction and the verb “to process” shall be construed accordingly.
Who is responsible for your personal information? If you are a user in the European Union (“EU”) or European Economic Area (“EEA”), for purposes of the EU General Data Protection Regulation 2016/79 the “GDPR”), we act as a data controller with respect to the Personal Data described in this Policy. In this role, we are responsible for implementing the applicable data protection principles and for safeguarding Personal Data. We also recommend you consult the “Rights of EEA Residents” and “International Data Transfers” sections of this Policy for more information about provisions that may apply to you.
When processing personal information, Echo360 shall follow these principles:
- Echo360 endeavors to inform persons whose Personal Information Echo360 collects, in accordance with applicable law, when those persons are first asked to provide personal information to Echo360, or as soon as practicable thereafter. This includes providing information about (i) the purposes for which Echo360 collects and uses the Personal Information, (ii) the types of third parties to which Echo360 discloses (or may disclose) that Personal Information, and (iii) the choices and means Echo360 offers the subjects of the Personal Information for limiting the use and disclosure of their Personal Information.
- Unless permitted by applicable law, no Personal Information is collected without first obtaining the consent of the individual for the collection, use and disclosure of that Personal Information. In some circumstances the consent for Echo360 to collect Personal Information may arise from the nature of the relationship between Echo360 and the individual, or an individual’s interaction with Echo360, such as by using an Echo360 website or engaging in a transaction with Echo360.
- Echo360 will collect your Personal Information only for specified and legitimate purposes. The information we collect will be relevant, adequate and not excessive for the purposes for which it is collected.
- Echo360 will process your Personal Information in a manner consistent with the purposes for which it was originally collected or to which you have subsequently consented.
- Echo360 will take commercially reasonable steps to ensure that your Personal Information is reliable for its intended use, accurate, complete, and, where necessary, kept up-to-date.
- Echo360 will not use your Personal Information for direct marketing purposes without giving you an opportunity to “opt-out.”
- Echo360 will take appropriate measures, by contract or otherwise, to provide adequate protection for Personal Information that is disclosed to a third party or transferred to another country, including transfers within Echo360.
- When you provide Personal Information to Echo360, you acknowledge that you have read this Policy and, where required under applicable law, consent to the collection, use and disclosure of your Personal Information in accordance with this Policy and other applicable Echo360 policies. You may, as provided by applicable law, be free to refuse or withdraw your consent.
- Echo360, and third parties on its behalf, as more fully set forth herein, use the Personal Information collected from you for purposes such as, but not limited to, user registration; administering and tracking a purchase, payment, return, warranty or rebate; arranging for services; inviting participation in online surveys; requesting feedback on products and services; and otherwise communicating with you through various channels.
HOW DO WE COLLECT AND PROCESS YOUR INFORMATION?
We collect and process the following Personal Information from you for the purposes set forth below.
Types of Data and Purpose
Any factual or subjective information about an identifiable individual, which may include, but not be limited to, first name, last name and email address, as well as profile information that you choose to provide for your profile, such as your username, password, preferences, and other information you provide for your profile. We will collect this Personal Information with your express consent or as otherwise permitted by applicable law. This information is necessary to enable us to provide you the account you have requested and to maintain the account and your profile. You may update your account information by editing the information associated with your account.
You may provide to us your first name, surname, title, government ID, type, and number, as well as your email address, physical address, and phone number.
Social Network Information
We process Social Network Information to provide our Site and services, to manage our relationships with you, to communicate with you, and to keep records of our communications with you. The legal basis for this processing is consent or, where applicable, our legitimate interests in the proper administration of our Site and business and the proper management of our customer relationships.
Cookies and Similar Technologies
When you visit the Site, we collect cookies and use similar technologies as described in the “Cookies and Similar Technologies” section of this Policy. If you choose to disable cookies and similar technologies, some areas and features of the Site may not work properly. Please see the “Cookies and Similar Technologies” section of this Policy for more information.
We process Cookies and Similar Technologies to analyze use of the Site and our services, to operate the Site, to serve you the content and functionality you request, to ensure the privacy and security of our Site and services, to develop new services, to enhance your experience, to track visits to the Site, to provide you with a more personal and interactive experience on the Site, and for usage analytics. We rely on your express opt-in consent for the use of marketing, performance, and analytic cookies and similar technologies. The legal basis for processing of strictly necessary cookies is our legitimate interests in the proper administration of our Site and business.
When you visit our Site, we automatically collect information from your browser or device, which includes the date and time of your visit as well as your location, Internet Protocol (IP) address, unique device identifier, language preference, device type, browser type, domain server, access time, referring website, mobile network information, data about which pages you visit, support document searches, features enabled for your account, and interactions with other parts of our Site.
We process Usage Data to analyze use of the Site and our services, to operate the Site, to serve you the content and functionality you request, to ensure the privacy and security of our Site and services, to develop new services, to enhance your experience, to track visits to the Site, and to provide you with a more personal and interactive experience on the Site, and for usage analytics. The legal basis for this processing is our legitimate interests in monitoring and improving our Site and services.
When you visit our Site, we may determine your approximate location from your Internet Protocol (IP) address.
We process Location Information to analyze use of the Site and our services, to operate the Site, to track visits to the Site, to provide you with a more personal and interactive experience on the Site, and for usage analytics. The legal basis for this processing is our legitimate interests in monitoring and improving our Site and services.
Feedback or Support Inquires, Marketing and Communications Preferences
If you provide us with feedback or respond to surveys, we will collect your name, email address, phone number, marketing preferences, communications preferences, and any written correspondence or comments provided by you.
We process Feedback or Support Inquiries to operate the Site and services, to manage our relationships with you, to improve our customer service, to communicate with you, and to keep records of our communications with you. The legal basis for this processing is consent or, where applicable, our legitimate interests in the proper administration of our Site and business, the proper management of our relationships, and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
Contact Us Data
If you contact us, we collect your email address and the content of your correspondence to us.
We process Contact Us Data to operate the Site and services, to ensure the privacy and security of our Site and services, to maintain our databases and back-ups, to manage our relationships with you, to improve our customer service, to communicate with you, and to keep records of our communications with you. The legal basis for this processing is consent or, where applicable, our legitimate interests in the proper administration of our Site and business, the proper management of our relationships, and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
Additional Personal Data We May Collect:
Payment Data. If you sign up for Paid Services, we receive a portion of your payment information from our payment processor (such as the last four digits, the country of issuance and the expiration date of the payment card) and we ask you to select your jurisdiction.
Communications Data. The emails and other communications that you send us or otherwise contribute, such as customer support inquiries or posts to our customer message boards or forums. Please be aware that information on public parts of our sites is available to others. We may also collect information you share with us in connection with surveys, contests or promotions.
Sub-Domain Data. Information from your use of the Echo360 services or users’ sub-domains. This may include: IP addresses, preferences, information about your browser, network or device (such as browser type and version, operating system, internet service provider, preference settings, unique device IDs and language and other regional settings), information about how you interact with the Services and our Users’ sub-domains (such as timestamps, clicks, scrolling, browsing times, searches, transactions, load times, and problems you may encounter, such as loading errors).
Partner Information. Information we get from our partners to support our marketing initiatives, improve our services and better monitor, manage and measure our ad campaigns, such as details about when our partner shows you one of our ads on or via its advertising platform.
Third-Party Services. Other information you submit to us directly or through third-party services if you use a third-party service to create an Account (based on your privacy settings with such third-party service).
Is entry of personal information required? The entry of Personal Information is required to access certain portions of the Site. You may choose not to provide us with any Personal Information and may still access certain portions of the Site but will not be able to access any portions of the Site that require your Personal Information.
In addition, where we need to process your Personal Information either to comply with law, or to perform the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with the functionalities of the Site). In this case, we may have to stop you from using our Site and terminate the contract you have with us. We will notify you if this is the case at that time.
Special Categories of Personal Information. We do not collect any additional “Special Categories of Personal Information” or “Sensitive Personal Information” about you, including, details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, and information about your health. Nor do we collect any information about criminal convictions and offenses.
Protected Health Information. We do not collect, store, maintain, or use any Protected Health Information (“PHI”) as that term is defined in the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”). You are expressly prohibited from entering, submitting, disclosing, or otherwise providing any PHI through or by the Site; any violation of this section is at your sole and voluntary risk and Eche360 shall bear no responsibility or have no liability therefor.
Other Processing Activities. We may process any of the Personal Information identified in this Policy for any of the following purposes:
- Provision of the Echo360 services and products. Create and manage your account, provide and personalize our services, process payments and respond to your inquiries.
- To protect your vital interests.
- Communicating with you. To respond to communications, reach out to you about your transactions or account, market our products and services, provide other relevant information, or request information or feedback. From time to time, we may use your Personal Information to send important notices, such as communications about purchases and changes to our terms, conditions, and policies. Because this information is important to your interaction with Echo360, you may not opt out of receiving these important notices.
- Surveys and contests. Administer surveys, contests and other promotions.
- Improving our Services. Analyze and learn about how the services are accessed and used, evaluate and improve our services (including by developing new products and services and managing our communications) and monitor and measure the effectiveness of our advertising. We usually do this based on anonymous, pseudonymized or aggregated information which does not focus on you individually. For example, if we learn that most users of paid services use a particular integration or feature, we might wish to expand on that integration or feature.
- Security and Fraud Protection. To protect individuals, employees, and Echo360 and for loss prevention and to prevent fraud, including to protect individuals, employees, and Turning for the benefit of all our users, and prescreening or scanning uploaded content for potentially illegal content, including child sexual exploitation material.
- Third-party relationships. Manage our vendor and partner relationships.
- Enforce our end user subscription agreement and other legal terms and policies.
- Protect our and others’ interests, rights and property (e.g., to protect our users from abuse).
- Complying with law. Comply with applicable legal requirements, such as tax and other government regulations and industry standards, contracts and law enforcement requests, as well as to keep records of our compliance processes.
- The establishment, exercise, or defense of legal claims, whether in court, administrative, or other proceedings. (The legal basis for such processing is our legitimate interest in the protection and assertion of our legal rights, your legal rights, and the legal rights of others.).
- Because our legitimate interests, or those of a third-party recipient of your Personal Information, make the processing necessary, provided those interests are not overridden by your interests or fundamental rights and freedoms.
- Obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice (the legal basis for this processing is our legitimate interest in the proper protection of our business).
- Purposes that are consistent with, related to and/or ancillary to the purposes and uses described in this Policy for which your personal information was provided to us.
We do not use Personal Information for making any automated decisions affecting or creating profiles other than as described herein.
Marketing Communication Preferences: We process your Personal Information to contact you with information regarding services that may be of interest to you. You can ask us to stop sending you marketing messages at any time by following the update email preferences or unsubscribe links on any marketing message sent to you or by contacting us at any time using the contact details in the Contact Us section. Please note that we may still find it necessary to communicate with you regarding your use of the Site.
Google API Services Compliance
We utilize certain Google API Services including, but not limited to, Google Classroom, in connection with the EchoPoll service we provide to you. Our Site’s use and transfer of information received from or provided to Google APIs will adhere to Google API Services User Data Policy, found at the following link: https://developers.google.com/terms/api-services-user-data-policy, including its Limited Use requirements as set forth in the Limited Use section of this policy. Specifically, we collect certain data from you via surveys, questionnaires, and quizzes provided through EchoPoll and we provide that data to Google API for the purpose of data analytics, and to support our continued provision and enhancement of services to you, in addition to the identified Processing Activities listed in “Other Processing Activities”.
End Users Personal Information
Our customers may establish a sub-domain using services and are responsible for what they do with the Personal Information they collect about their End Users. This section is directed to such customers.
If you are one of our Users, you may collect Personal Information about your End Users. For example, you may ask your End Users to provide their name, and email address in order to establish an account for them. You are solely responsible for complying with any laws and regulations that apply to your collection and use of your End Users’ information, including Personal Information you collect about them.
How and When Is Your Information Shared With Other Parties? We may share your information in the following contexts, but we will not share your Personal Information if such sharing is prohibited by applicable privacy and data protection law. We do not sell, trade or license Personal Information about our users for marketing purposes.
HOW DO WE SHARE OR DISCLOSE YOUR PERSONAL INFORMATION?
Where permitted by applicable law, we may share your Personal Information in the following contexts. If we are acting as a data processor, disclosures in the following contexts will be limited in accordance with the instructions from the data controller.
We may share your Personal Information with our corporate subsidiaries and affiliates and with their respective officers, directors, employees, accountants, attorneys and agents.
We may share your Personal Information with our contractors, service providers, and other third parties that need access to your information to provide operational or other support services on our behalf. Among other things, service providers help us to administer the Site; support our provision of services requested by you; send marketing promotions and communications to you about our services; provide payment processing; provide technical support; and assist with other legitimate purposes permitted by law.
Legal Obligations and Rights
Acquisitions and Similar Transactions
We may share your Personal Information in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our company assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us is among the assets transferred.
Disclosures with Consent
We may share your Personal Information to fulfill the purpose(s) disclosed by us when you provided your Personal Information and for which you have provided consent. We may further ask if you would like us to share your Personal Information with other unaffiliated third parties who are not described elsewhere in this Policy. We will only disclose your Personal Information in this context with your consent.
De-identified or Aggregated Data
We may disclose aggregated information about our users, and information that does not identify any specific individual, such as groupings of demographic data or customer preferences, for new services and marketing development.
We may share your Personal Information with our insurers and other professional advisors, including attorneys and accountants, that need access to your information to provide operational or other support services on our behalf.
We may disclosure your identity data and payment data via an encrypted connection to our payment processor.
HOW LONG DO WE STORE AND PROCESS YOUR INFORMATION?
We retain and use your Personal Information for as long as is necessary to fulfill the purposes for which it was collected, to comply with our business requirements and legal obligations, to resolve disputes, to protect our assets, to provide our services, and to pursue legitimate business purposes, to enforce our agreements.
We take reasonable steps to delete the Personal Information we collect when (1) we have a legal obligation to do so, (2) we no longer have a purpose for retaining the information, and (3) if you ask us to delete your Personal Information, unless we determine that doing so would violate our existing, legitimate legal, regulatory, dispute resolution, contractual, or similar obligations. We may also decide to delete your Personal Information if we believe it is incomplete, inaccurate, or that our continued storage of your Personal Information is contrary to our legal obligations or business objectives.
To the extent permitted by law, we may retain and use anonymous, de-identified, aggregated information for performance reporting, benchmarking, and analytic purposes and for product and service improvement. When we delete data, it will be removed from our active servers and databases; but it may remain in our archives when it is not practical or possible to delete it.
We are required by law to maintain records of consumer requests submitted under the California Consumer Privacy Act and how we responded to such requests for at least twenty-four (24) months. We only use this information for recordkeeping purposes. If you are a resident of California, please see the California Residents section for more information.
HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
We have put security measures in place to protect the Personal Information that you share with us from being accidentally lost, used, altered, or disclosed or accessed in any unauthorized manner. From time to time, we review our security procedures to consider appropriate new technologies and methods.
While our security measures seek to protect the Personal Information in our possession, no security system is perfect, and no data transmission is 100% secure. As a result, while we strive to protect your Personal Information, we cannot guarantee or warrant the security of any information you transmit to or from the Site. Your use of the Site is at your own risk. We cannot guarantee that your data will remain secure in all circumstances.
We have implemented reasonable security measures to detect fraudulent identity-verification activity and to prevent the unauthorized access to or deletion of Personal Information. Our information security program is based on the internationally recognized standards of ISO 27001 and AICPA SOC2 (SSAE 18). Key Echo360 business systems are GDPR, CCPA, and CPRA compliant and certified as SOC2 compliant. Systems and processes have been scrutinized for limiting access to only required personnel, and the proper protections and restrictions to physical accessibility have been implemented to secure your Personal Information from accidental loss and from unauthorized access, use, alteration or disclosure. We use reasonable security measures when transmitting Personal Information to consumers in responding to requests under the California Consumer Privacy Act.
The safety and security of your Personal Information also depends upon you. Where you use a password for access to restricted parts of the Site, you are responsible for keeping your password confidential. Do not share your password with anyone.
If a data breach compromises your Personal Information, we will notify you and any applicable regulator when we are required to do so by applicable law.
RIGHTS AND CHOICES REGARDING HOW WE USE AND DISCLOSE YOUR INFORMATION
Please use the “Contact Us” details at the end of this Policy to exercise your rights and choices under this Policy. If you would like to manage, change, limit, or delete your Personal Information nor if you no longer want to receive any text message or email contact from us in the future, such requests may be submitted via the “Contact Us” details at the end of this Policy.
Communication Preferences. If you no longer wish to receive communications from us via email, you may opt-out of certain types of communications (as described below) by clicking the “unsubscribe” link at the bottom of our emails or by contacting us at the “Contact Us” details provided at the end of this Policy and providing your name and email address so that we may identify you in the opt-out process. Once we receive your instruction, we will promptly take action.
- Communications Regarding Our Services. We will send you email notifications and free newsletters from time to time with offers, suggestions and other information. You may “opt-out” from receiving such communications by following the “Unsubscribe” instructions provided in the email.
- Legal or Security Communications. We also send out notices that are required for legal or security purposes. For example, certain notifications are sent for your own protection. In other cases, these notifications involve changes to various legal agreements, such as this Policy or the Terms of Service. Generally, you may not opt out of such emails.
- Account and Order Communications. If you subscribe to our services, we may send you communications regarding such services. We may also send communications providing customer support or responses to questions regarding the operation of the services. Generally, you may not opt out of such emails.
COOKIES AND SIMILAR TECHNOLOGIES
Cookies. A “cookie” is a small file created by a web server that can be stored on your device (if you allow) for use either during a particular browsing session (a “session” cookie) or a future browsing session (a “persistent” or “permanent” cookie). “Session” cookies are temporarily stored on your hard drive and only last until they expire at the end of your browsing session. “Persistent” or “permanent” cookies remain stored on your hard drive until they expire or are deleted by you. Local shared objects (or “flash” cookies) are used to collect and store information about your preferences and navigation to, from, and on a website. First-party cookies are set by the website you’re visiting, and they can only be read by that site. Third-party cookies are set by a party other than that website.
Essential Cookies and Similar Technologies. Essential cookies and other similar technologies used by us enable you to navigate the Site and use their services and features. Without these essential cookies, the Site will not perform correctly, and we may not be able to provide the Site to you or provide you with certain services or features of our Site.
Preference Cookies and Similar Technologies. Preference cookies collect information about your choices and preferences and allow us to remember language and other local settings and to customize our Site accordingly.
Social Media Cookies and Similar Technologies. Social Media cookies and other similar technologies used by us collect information about your use of social media websites.
Other Similar Technologies. In addition to cookies, there are other automatic data collection technologies, such as Internet tags, web beacons (clear gifs, pixel tags, and single-pixel gifs), and navigational data collection (log files, server logs, etc.) that can be used to collect data as users navigate through and interact with a website. For example, web beacons are tiny graphics with unique identifiers that are used to understand browsing activity. In addition, UTM codes are strings that can appear in a URL when you move from one web page or website to another. The string can represent information about browsing, such as which advertisement, page, or publisher sent the user to the receiving website.
Analytics Cookies and Similar Technologies. Analytics cookies and other similar technologies used by us collect information about your use of the Site and enable us to improve the way they work and operates. Specifically, analytics cookies provide us with information regarding what the most frequently visited pages on the Site are, help us record and debug any issues you may have with the Site, and show us how effective our advertising is. These analytics cookies do not allow us to see the usage of a single user but does allow us to see overall patterns of usage on the Site. We do not examine this information for individually identifying information, but we do use this information to understand the traffic on our Site.
Advertising Cookies and Similar Technologies. Advertising and other similar technologies used by us cookies are used to display targeting promotions or advertisements based on your use of the Site and interests and to manage our use of advertising resources. These cookies collect information about your activities on this and other sites to provide you with interest-based advertising. You can learn more about interest-based advertisements and your opt-out rights and options from members of the Network Advertising Initiative (“NAI”) on its website (www.networkadvertising.org) and from members of the Digital Advertising Alliance on its website (www.aboutads.info). We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can also opt out of receiving targeted ads from members of the NAI on its website.
Facebook. We use Facebook’s technologies to serve relevant advertisements and to track Facebook ad-driven visitor activity. Facebook Connect also gives you the option to post information about your activities to your profile page to share with others within your network by using a single sign-in service to authenticate your identity. You may learn more about Facebook’s policies by visiting https://www.facebook.com/policy.php, and you can also find instructions for opting out of receiving advertisements via that page.
Choices About Cookies and Similar Technologies. You may choose to not allow analytic cookies via the cookies consent banner or you may set your browser to refuse all or some browser cookies or to alert you when cookies are being set. For more information on how to modify your browser settings to block or filter cookies, visit http://www.aboutcookies.org/. You may learn more about internet advertising practices and related consumer resources at http://www.aboutads.info/consumers/, http://www.networkadvertising.org/choices, and http://youronlinechoices.eu/. These settings may affect your enjoyment of the Site’s functionality. Adjusting the cookie settings may not fully delete all of the cookies that have already been created. To delete them, you should review your web browser settings after you have changed your cookie settings. In addition to the above, the links below provide additional information about how to disable cookies or manage the cookie settings:
Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
Microsoft Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
Safari: https://support.apple.com/guide/safari/manage-cookies-sfri11471/mac and https://support.apple.com/en-us/HT201265
Zoom. Some services that we offer may use Zoom. When you join meetings and webinars on Zoom, other people or organizations, including third parties outside the meeting or webinar, may be able to see content and information that you share. Our customers, not Echo360, designates one or more people (called an Admin. User or “Administrator”) to manage the User’s Zoom account. Administrators may be able to see content and information shared in a Zoom meeting. You may learn more about Zoom’s policies by visiting https://explore.zoom.us/en/privacy/.
Online Tracking Signals. We do not currently recognize browser settings or signals of tracking preferences, which may include “Do Not Track” instructions. “Do Not Track” is a web browser setting that seeks to disable the tracking of individual users’ browsing activities. We adhere to the standards set out in this Policy and do not currently respond to “Do Not Track” signals on the Site or on third-party websites or online services where we may collect information.
Accuracy and Updating Your Personal Information. Our goal is to keep your Personal Information accurate, current, and complete. If any of the Personal Information you have provided to us changes, please update it in your user/account profile, or let us know via the “Contact Us” details at the end of this Policy. For instance, if your email address changes, you may wish to let us know so that we can communicate with you. If you become aware of inaccurate Personal Information about you, you may want to update your information. We are not responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
Complaints. If you believe that your rights relating to your Personal Information have been violated, you may lodge a complaint with us by contacting us via the “Contact Us” details at the end of this Policy.
CCPA and CPRA Notice at Collection. For purposes of the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”), in collecting the information described above, we collect the categories of Personal Information listed below.
When collecting Account Information, we will receive your name, email address, username, and unique personal identifier.
When collecting Social Media Information, Feedback or Support Inquiries, and Contact Us Data, we will receive your name and email address.
When collecting Social Media Information, we will receive your name and email address.
When collecting Cookies and Similar Technologies and Usage Information, we will receive your Internet Protocol (IP) address or unique device identifier.
We use Identifiers as set forth in the “How Do We Collect and Use Personal Information” and the “How Do We Share or Disclose Personal Information” sections of this Policy.
Categories of personal information described in the California Customer Records statute
When collecting Account Information, we will receive your name, email address, username, and unique personal identifier.
When collecting Social Media Information, Feedback or Support Inquiries, and Contact Us Data, we will receive your name and email address.
When collecting Social Media Information, we will receive your name and email address.
When collecting Cookies and Similar Technologies and Usage Information, we will receive your Internet Protocol (IP) address or unique device identifier.
We use Categories of Personal Information described in the California Customer Records statute as set forth in the “How Do We Collect and Use Personal Information” and the “How Do We Share or Disclose Personal Information” sections of this Policy.
Internet or other electronic network activity information
When collecting Cookies and Similar Technologies and Usage Information, we will receive data about which webpages you visit.
When collecting Location Information and Usage Information, we will automatically receive information from your browser and your device, which includes the date and time of your visit as well as your location, Internet Protocol (IP) address, domain server, browser type, access time, and data about which pages you visit.
We use Internet or Other Electronic Network Activity Information as set forth in the “How Do We Collect and Use Personal Information” and the “How Do We Share or Disclose Personal Information” sections of this Policy.
When collecting Cookies and Similar Technologies, Location Information and Usage Information we will receive your geolocation while using the Site.
We use Geolocation Data as set forth in the “How Do We Collect and Use Personal Information” and the “How Do We Share or Disclose Personal Information” sections of this Policy.
Audio, electronic, visual, thermal, olfactory, or similar information
We use Audio, electronic, Visual, Thermal, Olfactory, or Similar Information as set forth in the “How Do We Collect and Use Personal Information” and the “How Do We Share or Disclose Personal Information” sections of this Policy.
When collecting Contact Us Data, we will receive your preferred method of contact and the message that you choose to provide.
We use Commercial Information as set forth in the “How Do We Collect and Use Personal Information” and the “How Do We Share or Disclose Personal Information” sections of this Policy.
Professional or employment-related information
When collecting Account Information and Contact Us Data, we will receive your work email address, work telephone number, company name, and company address.
We use Professional or Employment-Related Information as set forth in the “How Do We Collect and Use Personal Information” and the “How Do We Share or Disclose Personal Information” sections of this Policy.
Examples: Derivation of information, data, assumptions, or conclusions from facts, evidence, or another source of information or data) drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Data Practices During Last 12 Months
Personal Information Collected: As described in this Policy, we have collected the categories of Personal Information listed below during the preceding 12 months:
- Categories of personal information described in the California Customer Records statute
- Internet or other electronic network activity information
- Geolocation data
- Audio, electronic, visual, thermal, olfactory, or similar information
- Commercial Information
- Professional or employment-related information
Categories of Sources: We have collected the Personal Information identified in this Policy from you directly when you provide it to us, automatically as you navigate through the Site, which may include, but not be limited to, usage details, IP addresses, and information collected through cookies and other tracking technologies, and from our business partners, as applicable.
Business and Commercial Purposes for Collecting: We have collected the categories of Personal Information listed above for the following purposes:
- Operate the Site;
- Provide our services to you;
- Ensure the privacy and security of our Site and services;
- Maintain our databases and back-ups;
- Manage our relationships with you;
- Communicate with you;
- Keep records of our communications with you;
- Analyze use of the Site and our services;
- Serve you the content and functionality you request;
- Develop new services;
- Enhance your experience;
- Track visits to the Site;
- Provide you with a more personal and interactive experience on the Site; and
- Usage analytics purposes.
Personal Information Sold: We have not sold or shared categories of Personal Information during the preceding 12 months.
Personal Information Disclosed for a Business Purpose. We have disclosed for a business purpose the categories of Personal Information listed below during the preceding 12 months:
- Categories of personal information described in the California Customer Records statute
- Characteristics of protected classifications
- Commercial information
- Internet or other electronic network activity information
- Commercial Information
- Geolocation data
We have disclosed each category of Personal Information to the following categories of third parties: (1) corporate parents, subsidiaries, and affiliates; (2) advisors (accountants, attorneys); (3) contractors and service providers (data analytics, data storage, mailing, marketing, website and platform administration, technical support); and (4) operating systems and platforms.
Personal Information Retention. We will store your Personal Information for as long as is reasonably necessary to fulfill the purposes described in this Policy or as required by law or Echo360’s data retention policy.
Echo360 does not collect or maintain Personal Information on any minors under the age of 16. We do not knowingly sell or share Personal Information of minors under 16 years old, however, to the extent we knowingly “sell” or “share” as those terms are defined under the CCPA and the CPRA, respectively, the Personal Information of minors under 16 years old who are California residents, we either obtain prior affirmative authorization from such minor to the opt-in to the sale of the minor’s Personal Information or obtain affirmative authorization from the minor’s parent or guardian. A minor, or parent/guardian, who has opted in to the sale of the minor’s Personal information has the right to opt-out at any time. To exercise your right to opt-out see the Right to Opt-Out section below. See also the Submitting a Request and Right to Delete sections with regard to Personal Information of any minors under the age of 16.
No Financial Incentive
We do not offer financial incentives or any price or service difference in exchange for the retention, sale, or sharing of your Personal Information.
Right to Opt-Out/Do Not Sell or Share My Personal Information or Sensitive Personal Information
Under the CCPA and CPRA, you have the right to direct us to stop selling and sharing your Personal Information to third parties and to refrain from doing so in the future. To the extent we sell or share your Personal Information, as those terms are defined in the CCPA and CPRA, respectively, you have the right to opt-out of the sale or sharing of your Personal Information at any time. You may submit a request to opt-out using the link on our website, or by contacting or us at 1-877-ECHO360 x2 or by email at firstname.lastname@example.org or email@example.com. For purposes of the CCPA and the CPRA, we do not sell or share Personal Information or Sensitive Personal Information as defined under applicable law.
Requests to Know, Requests to Delete, and Requests to Correct
The CCPA and CPRA gives consumers the right to request that we (1) disclose what Personal Information we collect, use, disclose, sell, and share and (2) delete certain Personal Information that we have collected or maintain. You may submit these requests to us as described below, and we honor these rights where they apply.
If a request is submitted in a manner that is not one of the designated methods for submission, or if the request is deficient in some manner unrelated to our verification process, we will either (1) treat the request as if it had been submitted in accordance with the designated manner, or (2) provide you with specific directions on how to submit the request or remedy any deficiencies with the request, as applicable.
Request to Know. As a California resident, you have the right to request: (1) the specific pieces of Personal Information we have collected about you; (2) the categories of Personal Information we have collected about you; (3) the categories of sources from which the Personal Information is collected; (4) the categories of Personal Information about you that we have sold or shared and the categories of third parties to whom the Personal Information was sold or shared; (5) the categories of Personal Information about you that we disclosed for a business purpose and the categories of third parties to whom the Personal Information was disclosed for a business purpose; (6) the business or commercial purpose for collecting, disclosing, selling, or sharing Personal Information; and (7) the categories of third parties with whom we share Personal Information. Our response will cover the 12-month period preceding our receipt of a verifiable request, except as otherwise required by applicable law.
Request to Delete. As a California resident, you have a right to request the erasure/deletion of certain Personal Information collected or maintained by us. As described herein, we will delete your Personal Information from our records and direct any service providers (as defined under applicable law) to delete your personal information from their records. However, we are not required to honor a deletion request if an exemption applies under the law.
Request to Correct. As a California resident, you have a right to request the correction of certain inaccurate Personal Information collected or maintained by us. Upon receipt of a verifiable request to correct inaccurate Personal Information, we will use commercially reasonable efforts to correct the inaccurate Personal Information as directed by you, pursuant to applicable law.
Right to Limit Use and Disclosure of Sensitive Personal Information
As a California resident, you have a right to request that use and disclosure of Sensitive Personal Information be limited to that use which is necessary to perform the services or provide the goods reasonably expected by a similarly situated consumer and as authorized in accordance with applicable law. You further have the right to opt-out of the selling or sharing of your Sensitive Personal Information. See the Right to Opt-Out section for further instructions as to how to Opt-Out.
Submitting a Request
Submission Instructions. You may submit a request to know or to delete via your Account Page or by email to firstname.lastname@example.org or email@example.com. Regarding requests to delete, we may present you with the choice to delete select portions of your Personal Information, but a global option to delete all Personal Information will be offered and more prominently presented.
Verification Process. We are required by law to verify the identities of those who submit requests to know or to delete. To determine whether the individual making the request is the consumer about whom we have collected information, we will verify your identity by matching the identifying information provided by you in the request to the personal information that we already maintain about you. As a part of this process, you will be required to provide your full name, account number, address, and telephone number. We will inform you if we cannot verify your identity.
- If we cannot verify the identity of the person making the request for specific pieces of Personal Information, we are prohibited from disclosing any specific pieces of Personal Information to the requestor. However, if denied in whole or in part for this reason, we will evaluate the request as if it is seeking the disclosure of categories of personal information about the consumer.
- If we cannot verify the identity of the person making a request to delete, we may deny the request.
- If there is no reasonable method by which we can verify the identity of the requestor to the degree of certainty required, we will state this in our response and explain why we have no reasonable method by which we can verify the identity of the requestor.
Authorized Agents. Authorized agents may submit requests via the methods identified in this Policy. If you use an authorized agent to submit a request to know or a request to delete, we may require you to: (1) provide the authorized agent with signed permission to do so; (2) verify your identity directly with us; and (3) directly confirm with us that you provided the authorized agent permission to submit the request. However, we will not require these actions if you have provided the authorized agent with power of attorney pursuant to the California Probate Code.
Excessive Requests. If requests from a consumer are manifestly unfounded or excessive, in particular because of their repetitive character, we may either (1) charge a reasonable fee, or (2) refuse to act on the request and notify the consumer of the reason for refusing the request. If we charge a fee, the amount will be based upon the administrative costs of providing the information or communication or taking the action requested.
Time Period to Comply with Requests. Echo360 will disclose and deliver the required information as requested by you pursuant to this Section free of charge, correct inaccurate Personal Information, or delete your Personal Information, based on your request, within 45 days of receiving a verifiable request, but will confirm receipt of your request within 10 business days of receipt of same. We will promptly take steps to determine whether the request is a verifiable consumer request, as set forth herein, but this shall not extend our duty to disclose and deliver the information, to correct inaccurate Personal Information, or to delete Personal Information within 45 days of receipt of the request. However, the time period to provide the required information, to correct inaccurate Personal Information, or to delete Personal Information may be extended once by an additional 45 days when reasonably necessary, provided we provide you with notice of the extension within the first 45-day period.
You have the right not to receive discriminatory treatment by us due to your exercise of the rights provided by the CCPA and CPRA. We do not offer financial incentives and price or service differences, and we do not discriminate against consumers for exercising their rights under the CCPA and CPRA.
California Shine the Light
Under California Civil Code Section 1798.83, California residents who provide Personal Information in obtaining products or services for personal, family, or household use may be entitled to request and obtain from us once a calendar year information about the information we shared, if any, with other businesses for direct marketing uses. At present, we do not share your Personal Information with third parties for those third parties’ direct marketing purposes. Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing, if any, will be included in our response. As part of the California Online Privacy Protection Act, all users of our Site may make any changes to their information at any time by contacting us at firstname.lastname@example.org.
You may submit a verified request to us at email@example.com to request that we not make any sale (as defined under Nevada law) of any covered information (as defined under Nevada law) that we have collected or will collect about you. Please provide your name and contact information in your request, and we will respond to your request in accordance with Nevada law. However, please know that we do not currently sell data triggering the Nevada statute’s opt-out requirements.
Colorado, Connecticut, Virginia, and Utah
If you are a resident of Colorado, Connecticut, Utah or Virginia, you may have certain privacy rights under the applicable privacy laws in your state (“State Privacy Laws”). This section describes those rights and how you can exercise them with Echo360.
Right to Know, Right to Deletion and Right to Correct
You can request what Personal Information we have collected, used, disclosed, and sold.
You can request to correct inaccuracies in your Personal Information, taking into account the information’s processing purpose.
You can opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects including, but not limited to, automated processing performed on personal information to evaluate, analyze or predict personal aspects related to your economic situation, health, personal preferences, interests, reliability, behavior, location or movements (“Profiling”). To submit a request to opt out pursuant to this section, please contact us using the information provided in the Contact Us section of this Policy. To opt out of cookie-based or digital advertising-based Profiling, please opt out of the selling/sharing of your information for targeted advertising, as described above. Note that if you opt out of profiling, your experience with Echo360 will be less personalized.
We will not be able to opt you out of Profiling where one of the following exceptions applies:
- Legal: To comply with applicable laws, rules or regulations; to comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by governmental authorities; to cooperate with law enforcement; to investigate, exercise, prepare for or defend actual or anticipated legal claims; or to assist another party with any of its obligations under applicable laws;
- Security: To prevent, detect, protect against, or respond to security incidents, identity theft, fraud, harassment, or malicious, deceptive, or illegal activity; preserve the integrity or security of systems; or investigate, report, or prosecute those responsible for any such action;
- Improvement of Services and Products/Internal use: To conduct internal research to improve, repair or develop products, services or technology;
- Transactional: To provide a product or service specifically requested by you; to complete a transaction with you or to complete a contract we have with you; and
- Public Interest: To protect your vital interests or those of another individual.
You can also request that we delete your Personal Information. We may not delete all of your Personal Information if one of the following exceptions applies:
- Transactional: To complete a transaction for which the Personal Information was collected, provide a good or service requested by you, or perform a contract we have with you;
- Security: To detect data security incidents; preserve the integrity or security of systems; or investigate, report, or prosecute those responsible for any such action;
- Error Correction: To debug or repair any errors;
- Legal: To protect against fraud, harassment, malicious or deceptive activities, or illegal activity or to comply with applicable law or a legal obligation, or exercise rights under the law, such as the right to free speech; to assist another party with any of its obligations under applicable privacy laws; or
- Internal Use: To use your Personal Information, internally, in a lawful manner that is compatible with the context in which you provided the information (i.e., to improve our services).
Right to Appeal
If you are a Colorado, Connecticut or Virginia resident and we were unable to fulfill your request, you may appeal our request by contacting us using the information provided in the Contact Us section of this Policy within fourteen days of our decision, and submitting an appeal request, with a detailed reason for your appeal, as well as your state of residence.
To exercise any of these rights or to appeal a decision regarding a consumer rights request, please contact us using any of the methods listed in Contact Us section of this Policy.
If you are located in Canada, you have the following rights under Canada’s main federal law relating to privacy, the Personal Information Protection and Electronic Documents Act (PIPEDA):
- ask whether we hold Personal Information about you and request copies of such Personal Information and information about how it is processed;
- request that inaccurate Personal Information is corrected;
- request deletion of Personal Information that is no longer necessary for the purposes underlying the processing, processed based on withdrawn consent, or processed in non-compliance with applicable legal requirements; and
- lodge a complaint with us regarding our practices related to your Personal Information.
To exercise any of these rights, please contact us using any of the methods listed in the Contact Us section of this Policy.
If you are an individual located in Australia whose Personal Information is collected or held by us at a time when the collecting or holding entity has an ‘Australian link’ within the meaning of the Privacy Act 1988 (Cth) (the “Australian Privacy Law”), you may:
- request access to your Personal Information processed by Echo360;
- seek correction of your Personal Information processed by Echo360;
- make a complaint to us about a breach of the Australian Privacy Law;
by contacting us using any of the methods listed in the Contact Us section of this Policy.
Prior to providing you with access to, or correcting your, Personal Information, we will seek to verify your identity. We will not charge you a fee for requesting corrections of your Personal Information, however, in some circumstances, we may charge you a fee for providing you access to your Personal Information to cover reasonable administrative costs in locating, copying, and supplying that information to you.
We will investigate any complaint you may have with respect to the handling of your Personal Information and endeavor to resolve any issue to your satisfaction. If we do not adequately answer your concerns, you will have the right to make a complaint to the Office of the Australian Information Commissioner (OAIC) by phone at 1300 363 992 or completing the OAIC’s privacy complaint fo/rm.
If you are located in the EU or EEA, you have the following rights under the GDPR. All requests should be sent to the address noted in the “Contact Us” section of this Policy, and we will fulfill requests to the extent required by applicable law.
Personal Data. Under the GDPR, Personal Data is defined as any information relating to an identified or identifiable natural person (“Data Subject”). A Data Subject is an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Collection of Personal Data. Your Personal Data may be collected whenever Echo360:
- interacts with individuals who are prospective and existing customers/suppliers;
- interacts with individuals who are representatives or contact persons of prospective and existing customers/suppliers that are legal entities (e.g., for the selling/ordering of products or for marketing related purposes); or
- uses public databases to facilitate the provision of goods or services (e.g., to link a license plate with car identification information).
Categories of Personal Data Collected. Echo360 may collect:
- basic identification information, such as name, title, position, company name, email and/or postal address and the fixed and/or mobile phone number;
- financial information (e.g., bank account details, credit card information);
- information regarding the status of direct marketing emails (e.g., not delivered, delivered, opened);
- any additional information you voluntarily provide, (e.g., by filling in a form or registering for an email newsletter).
This information may either be directly provided by the above individuals or provided by the legal entity for whom they work (e.g., if they are the contact person designated by their employer to manage the commercial relations with Echo360).
Legal Basis of the Processing. We are not allowed to process Personal Data if we do not have a valid legal ground. Therefore, we will only process Personal Data if:
- we have obtained your prior consent;
- the processing is necessary to perform our contractual obligations towards you or to take pre-contractual steps at your request;
- the processing is necessary to comply with our legal or regulatory obligations (e.g., tax or accounting requirements); or
- the processing is necessary for the legitimate interests of Echo360 and does not unduly affect your interests or fundamental rights and freedoms. Please note that, when processing your Personal Data on this basis, we seek to maintain a balance between our legitimate interests and your privacy.
Right of Access. To the extent required by law, you have the right to receive confirmation as to whether or not Personal Data concerning you are being processed, and, where that is the case, access to the Personal Data and the following information: the purposes of the processing; the categories of Personal Data concerned; and the recipients or categories of recipient to whom the Personal Data have been or will be disclosed. We will provide a copy of your Personal Data in compliance with applicable law.
Right of Rectification. Our goal is to keep your Personal Data accurate, current, and complete. Please contact us if you believe your information is not accurate or if it changes.
Right to Erasure. In some cases, you have a legal right to request that we delete your Personal Data when (1) it is no longer necessary for the purposes for which it was collected, (2) consent has been withdrawn in certain instances, (3) you have objected to the processing in certain instances, (4) the Personal Data has been unlawfully processed, (5) the Personal Data have to be erased for compliance with a legal obligation; and (6) the Personal Data were collected in relation to the offer of information society services. However, the right is not absolute. When we delete Personal Data, it will be removed from our active servers and databases as well as the Site; but, it may remain in our archives when it is not practical or possible to delete it. We may also retain your Personal Data as needed to comply with our legal obligations, resolve disputes, or enforce any agreements.
Right to Restrict Processing. You have the right to restrict the processing of your Personal Data when (1) the accuracy of the Personal Data is contested, for a period enabling the controller to verify the accuracy of the Personal Data; (2) the processing is unlawful and you oppose erasure and request a restriction instead; (3) we no longer need the Personal Data, but you need us to keep it for the establishment, exercise, or defense of legal claims; or (4) you have objected to us processing the Personal Data, pending resolution of the objection.
Right to Object. In certain circumstances, you have the right to object to the processing of your Personal Data where the processing is necessary for performance of a task carried out in the public interest, for our legitimate interests, or for the legitimate interests of others. You also have the right to object where Personal Data are processed for direct marketing purposes or for scientific or historical research purposes or statistical purposes.
Right to Withdraw Consent. If you have provided your consent to the collection, processing, and transfer of your Personal Data, you may have the right to fully or partially withdraw your consent. Once we have received notice that you have withdrawn your consent, in whole or in part, we will no longer process your information for the purpose(s) to which you originally consented and have since withdrawn unless there are compelling legitimate grounds for further processing that override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. Withdrawal of consent to receive marketing communications will not affect the processing of Personal Data for the provision of our services.
Right to Complain. If you believe we have not processed your Personal Data in accordance with applicable provisions of the GDPR, we encourage you to contact us at firstname.lastname@example.org or email@example.com. You also have the right to make a GDPR complaint to the relevant Supervisory Authority or seek a remedy through the courts. A list of Supervisory Authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law.
INTERNATIONAL DATA TRANSFERS
Because Echo360 does business in many countries, Personal Information or Personal Data, as applicable, collected by Echo360 in one country may be transferred to, stored, or processed in another country, the data protection, privacy and other laws of which might not be as protective or comprehensive as those in your country. Personal Information or Personal Data, as applicable, gathered in one country may be subject to access by and disclosure to law enforcement agencies of jurisdictions other than the country where the Personal Information or Personal Data was first collected. Echo360 also may share Personal Information or Personal Data, as applicable, with organizations and entities that perform services on its behalf, and these organizations and entities may be located in countries other than the country in which the Personal Information or Personal Data was first collected.
Echo360 will endeavor to obtain appropriate and reasonably enforceable assurances from third parties, including its subsidiaries and affiliates, to which it discloses or transfers Personal Information or Personal Data that these third parties will safeguard Personal Information or Personal Data, as applicable, in a manner consistent with this Policy. When Echo360 becomes aware that a third party is using or disclosing Personal Information or Personal Data in a manner contrary to this Policy, Echo360 will endeavor to take reasonable steps to prevent or stop such use or disclosure. To the extent applicable law requires an individual’s consent before disclosing Personal Information or Personal Data to third parties, Echo360 will endeavor to obtain the individual’s consent prior to such transfer. There may be circumstances where Echo360 is required to transfer Personal Information or Personal Data without obtaining prior consent, including (i) where required by a court order; (ii) where Echo360 believes, upon reasonable grounds, that it is necessary to protect the rights, privacy, or safety or property of a person or group of persons; (iii) where it is necessary to establish or collect monies owing to Echo360 or to complete a transaction with a third party; (iv) where it is necessary to permit Echo360 to pursue available remedies or limit any damages we may sustain; or (v) where the information is public. When Echo360 is obliged or permitted to disclose Personal Information or Personal Data, Echo360 will endeavor not to disclose more than is required.
The Personal Information or Personal Data transferred within or outside Echo360 may also be processed in a country outside the EU and the EEA. We rely on recognized legal bases to lawfully conduct cross-border/international transfers of such information outside of the EU and EEA, such as your express informed consent to do so (as noted above), when transfer is necessary for us to deliver services pursuant to an agreement between us and you, for the conclusion or performance of a contract concluded in the interest of the Data Subject between the controller and another natural or legal person, or when the transfer is subject to safeguards that assure the protection of your Personal Information or Personal Data, as applicable, such as the European Commission’s approved standard contractual clauses. To that end, if your Personal Information or Personal Data is transferred outside the EEA, we will enter into EU standard contractual clauses approved by the European Commission prior to such transfer to ensure the required level of protection for the transferred Personal Information. You may request additional information in this respect and obtain a copy of the relevant safeguard we have put in place by exercising your rights as set out int this Policy.
LINKS TO OTHER SITES
This Policy only applies to the Site, and it does not apply to any third-party websites or applications.
The Site may contain links to, or media and other content from, third-party websites. These links are to external websites and third parties that have their own privacy policies. If you follow any links that direct you away from the Site, including links to social media sites or to other websites, this Policy will not apply to your activity on the other sites you visit. Because of the dynamic media capabilities of the Site, it may not be clear to you which links are to the Site and which are to external, third party websites. If you click on an embedded third-party link, you will be redirected away from the Site to the external third-party website. You can check the URL to confirm that you have left this Site.
We cannot not (i) guarantee the adequacy of the privacy and security practices employed by or the content and media provided by any third parties or their websites, (ii) control the privacy policies or the privacy practices of any third parties regarding their independent collection or use or your personal information, or (iii) endorse any third party information, products, services or websites that may be reached through embedded links on this Site.
We rely on recognized legal bases to lawfully conduct cross-border/international transfers of personal information outside of the EU and EEA, such as your express informed consent to do so (as noted above), when transfer is necessary for us to deliver services pursuant to an agreement between us and you, for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person, or when the transfer is subject to safeguards that assure the protection of your personal information, such as the European Commission’s approved standard contractual clauses.
CHILDREN UNDER 18
The Children’s Online Privacy Protection Act (“COPPA”), as well as other data privacy regulations, restrict the collection, use, or disclosure of personal information from and about children on the Internet. The Site is restricted to the use of adults over the age of majority in their place of residence. No portion of the Site is directed to children under the age of 18, and no one under the age of 18 may access, browse, or use the Site or provide any information to or on the Site. Consequently, we do not knowingly collect Personal Information from any person under the age of 18. If we learn that we have collected Personal Information from a child under age 18 without a parent’s or legal guardian’s consent, we will take steps to stop collecting that information and delete that information as quickly as possible. If you are a parent or guardian of a child under 18 years of age and you believe your child has provided us with Personal Information, please contact us at compliance@Echo360.com.
For more information about COPPA, please visit the Federal Trade Commission’s website at: https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule.
UPDATES AND CHANGES TO THIS POLICY
We reserve the right to add to, change, update, or modify this Policy at any time to reflect any changes to how we treat your information or in response to changes in law. In the event we make changes to this Policy, such policy will be re-posted on this page, with the date such modifications were made indicated on the top of the page. If we make material changes to how we treat your information, we may contact you to inform you about the revisions with a link to the revised Policy or notify you through a notice on the homepage of the Site for a reasonable period of time. All changes are effective on the date listed at the top of this page and will apply to all information that we have about you.
You are expected to, and you acknowledge and agree that it is your responsibility to, carefully review this Policy prior to using the Site, and from time to time, so that you are aware of any changes. Your continued use of the Site or our services after the “Last Updated” date indicates your acceptance of the changes and your continued consent to our processing of your Personal Information according to the terms of the then-current Policy. If at any point you do not agree to any portion of this Policy, then you should immediately stop using the Site and the services. Because this Policy contains legal obligations, we encourage you to review this Policy carefully.
For more information, or if you have any questions concerning this Policy or our information collection, storage and disclosure practices, wish to exercise your rights, or wish to lodge a complaint with us, you may contact us using the information below. Please note, if your communication is sensitive, you may wish to contact us by postal mail or telephone.
In Writing: Turning Tech Intermediate, Inc., d/b/a Echo360
Attn: Privacy Officer/Customer Information
265 West Federal Street
Youngstown, Ohio 44503
By Email: firstname.lastname@example.org
When you contact us, please describe in as much detail as possible the nature of your inquiry. We will investigate your inquiry promptly.
In the event you feel we have not adequately resolved your complaint, we have other recourse mechanisms available to you. If you are a European resident and have a complaint regarding this Policy, please note that the under the GDPR you have the right to contact your local data protection supervisory authority. In other jurisdictions, please refer to your local Data Protection Legislation for other appropriate recourse mechanisms that may be available to you should you have any unresolved complaints regarding this Policy.
ECHO360 MODERN SLAVERY POLICY
Modern slavery is a crime and a violation of fundamental human rights; it includes slavery, servitude, forced labour, forced marriage, child labour violations, debt bondage, deceptive recruiting for labour or services, and human trafficking.
Echo360 is committed to acting ethically and with integrity in all our business dealings and relationships, and to implementing and enforcing systems and controls to ensure modern slavery is not present or permitted in our own business practices or across any of our controllable supply chains. Our practices and policies in this regard are guided by the United Kingdom’s Modern Slavery Act 2015 and the Australian Modern Slavery Act 2018.
This policy applies to all persons working for Echo360 or on our behalf in any capacity, including employees, directors, officers, volunteers, interns, agents, contractors, consultants, third-party representatives, and business partners. The policy is applied to and enforced for all Echo360 business activities in all Echo360 markets.
Responsibility for the policy
Echo360 has responsibility for ensuring this policy complies with our legal and ethical obligations, and that those under our direct or indirect management comply with it.
Compliance with the policy
All persons working for Echo360 must comply with this policy. The prevention, detection, and reporting of modern slavery in any part of our business or supply chains is the responsibility of those working for us or under our control.
All persons are required to avoid any activity that might lead to or suggest a breach of this policy and must notify their line manager OR a company Director as soon as soon as they believe or suspect that a conflict with this policy has occurred or may occur in the future.
If any person working for Echo360 is unsure about whether a particular act, the treatment of workers more generally, or their working conditions within any tier of Echo360’s supply chains constitute any of the various forms of modern slavery, they must raise it with Human Resources via email @ email@example.com
Communication & awareness of this policy
Internal employees will be trained on and indicate acceptance of Echo360’s policy at time of hire, with updates provided using established methods of communication between Echo360 management and employees.
External suppliers, contractors, consultants, and partners will be advised and encouraged to accept Echo360’s policy at the outset of our business relationship with them, and reinforced as appropriate thereafter.
Breaches of this policy
Any employee or external entity who breaches Echo360’s policy will face commensurate disciplinary action, which could result in dismissal or termination.
Last updated: 2022-07
EQUAL OPPORTUNITY/NON-DISCRIMINATION POLICY
Echo360 is an equal opportunity employer and will provide equality in employment for all people employed or seeking employment. Every person will be given a fair and equitable chance to compete for appointment, promotion or transfer, and to pursue their career as effectively as others. Employment decisions relating to appointment, promotion and career development will be determined according to individual merit and competence.
Consistent with this, Echo360 does not condone any form of unlawful discrimination or vilification, including that which relates to: gender; pregnancy; marital/domestic status; disability; race, color, national extraction, social origin, descent, and ethnic or national origin; age; family responsibilities, family status; status as a parent or carer; racial classification; sexuality; religious belief or activity; political belief or activity; trade union activity; physical features; medical record; criminal record; or any other legally protected attribute.
In all cases, no factors other than performance and competence are to be used as the basis for performance assessment, training and development opportunities and promotions.
GENDER EQUALITY POLICY
Within the principle of providing equal employment opportunities for all qualified employees and applicants, the Company is committed to promoting a workplace culture that is inclusive, supportive, and respectful of all employees, regardless of gender. Our commitment to gender equality is manifest in the following areas:
We do not tolerate discrimination based on gender, gender identity, gender expression, or any other protected characteristic. We expect all employees to treat each other with respect and dignity, and to avoid any behavior or language that could be considered discriminatory.
2. Equal Opportunity
We provide equal employment opportunities to all employees, including opportunities for promotion, training, and development. We do not discriminate based on gender, and we are committed to creating a workplace where everyone has the opportunity to succeed.
3. Pay Equity
We are committed to paying all employees fairly and equitably, regardless of gender. We regularly review our pay practices to identify and address any disparities, and we strive to provide competitive compensation packages to all employees.
4. Harassment and Bullying
We do not tolerate any form of harassment or bullying, including sexual harassment, in the workplace. We take all complaints of harassment or bullying seriously and investigate them thoroughly. We provide support and resources to employees who experience harassment or bullying, and we take appropriate disciplinary action against anyone found to have engaged in such behavior.
5. Flexible Work Arrangements
We offer flexible work arrangements to help employees balance their work and personal responsibilities. We understand that everyone’s needs are different, and we strive to accommodate individual preferences as much as possible.
6. Support for Caregivers
We recognize the challenges that caregivers face and are committed to supporting employees who have caregiving responsibilities. We offer a range of support services, such as flexible work arrangements, access to child care or elder care resources, and time off for caregiving responsibilities.
Harassment Will Not Be Tolerated
Echo360 is committed to providing a workplace that is free of verbal, physical and visual forms of harassment so that everyone can work in a productive, respectful and professional environment. Harassment in employment based on sex, race, national origin, religion, age, marital status, sexual orientation, disability, or any other basis prohibited by local, state or federal law is strictly prohibited. Echo360 does not tolerate harassment, based upon any protected status, by anyone in the workplace — supervisors, co-workers, or non-employees. Employees who violate this policy are subject to discipline, up to and including possible termination.
Examples of harassment based on race, national origin, religion, marital status, sexual orientation, age or disability can include, but are not limited to:
• Cartoons or other visual displays of objects, pictures or posters that depict such protected groups in a derogatory way;
• Verbal conduct, including making or using derogatory comments, epithets, slurs and jokes towards such groups or individuals based on the identified characteristics.
Sexual harassment is generally defined as unwelcome sexual advances, requests for sexual favors, or other visual, verbal or physical conduct of a sexual nature when:
• Submission to such conduct is made either explicitly or implicitly a term or condition of employment;
• Submission to or rejection of such conduct affects employment opportunities; or
• The conduct interferes with an employee’s work or creates an intimidating, hostile or offensive work environment.
Sexual harassment includes harassment based on another person’s gender or harassment based upon pregnancy, childbirth, or related medical conditions. It also includes harassment of another employee of the same gender as the harasser.
Examples of sexual harassment include, but are not limited to, the following types of behavior:
• Unwelcome sexual advances, like requests for dates or propositions for sexual favors;
• Excessive, one-sided, romantic attention in the form of requests for dates, love letters, calls, emails or gifts;
• Offering or conditioning an employment benefit, like a raise, a promotion or a special job assignment, in exchange for sexual favors;
• Making or threatening reprisals, or changing performance expectations after an employee has turned down a sexual advance;
• Visual or physical conduct, like leering, making sexual gestures, or displaying sexually suggestive objects, pictures, cartoons, calendars or posters in the workplace;
• Verbal conduct, like making or using derogatory comments, epithets, slurs, teasing and jokes of a sexual nature;
• Verbal or written comments (including emails or electronic messages) about an individual’s sex life or body;
• Sexually degrading words used to describe an individual;
• Suggestive or obscene letters, emails, notes or invitations; and
• Unwelcome physical contact, including pats, hugs, brushes, touches, shoulder rubs, assaults, or impeding or blocking movements.
This policy is also violated if an employee is fired, denied a job, or denied some other employment benefit because the employee refused to grant sexual favors, complained about harassment, or assisted in an investigation of harassment. Echo360 is committed to taking reasonable steps to prevent harassment from occurring and will take immediate and appropriate action when we know that unlawful harassment has occurred. To do this, however, we need the cooperation of all employees at all levels.
The Company is committed to conducting our business with integrity and in compliance with all applicable laws and regulations. Corruption in any form is strictly prohibited and will not be tolerated. We have a responsibility to act with honesty and transparency in all of our business dealings.
The Company’s Anti-Corruption Policy includes but is not limited to:
• Bribery, including offering or accepting gifts, money, or other benefits in exchange for business or personal favors.
• Kickbacks, including giving or receiving money or other benefits in exchange for business referrals or contracts.
• Fraud, including misrepresenting company information or falsifying records.
• Any other corrupt or unethical behavior that violates the law or company policies.
All employees are required to comply with this policy and any applicable laws and regulations. Employees who violate this policy may be subject to disciplinary action, up to and including termination of employment. The company reserves the right to take legal action against any employee or third party involved in corruption or unethical behavior
FREEDOM OF EXPRESSION POLICY
The Company recognizes and respects our employees’ right to express their opinions and views freely, both inside and outside of the workplace. We believe that open communication and the exchange of ideas are essential to creating a productive, creative, and supportive workplace culture, and we foster employee freedom of expression through the following:
We encourage open communication and the exchange of ideas among all employees, and we strive to create an environment where everyone feels comfortable expressing their opinions and views. We believe that diverse perspectives lead to better decision-making and problem-solving, and we value the contributions of all employees.
While we encourage open communication, we also expect all employees to communicate in a respectful and professional manner. We do not tolerate any form of harassment, discrimination, or bullying in the workplace, including any communication that could be considered threatening or offensive.
We recognize that certain information must be kept confidential, such as trade secrets, proprietary information, and personal information. We expect all employees to respect the confidentiality of such information and to avoid disclosing it to unauthorized parties.
We recognize that social media has become an important tool for communication and expression, both inside and outside of the workplace. We expect all employees to use social media in a responsible and professional manner, and to avoid any communication that could be considered defamatory, harassing, discriminatory, or offensive.
ENVIRONMENTAL POLICY STATEMENT
Echo360 is committed to reducing its impact on the environment. We will strive to improve our environmental performance over time and to initiate additional projects and activities that will further reduce our impacts on the environment.
Our commitment to the environment extends to our customers, our staff, our partners, and the community in which we operate. We are committed to:
• Comply with all applicable environmental regulations;
• Prevent pollution whenever possible;
• Train all staff on our environmental program and empower them to contribute and participate;
• Communicate our environmental commitment and efforts to our customers, staff, and our community; and
• Continually improve over time by striving to measure our environmental impacts and by setting goals to reduce these impacts each year.
ENVIRONMENTAL POLICY IMPACT A: Solution Sustainability
Echo360’s solution is hosted by Amazon Web Services and Echo360 trusts AWS to minimise its impact on the environment as much as possible. AWS has publicly shared its commitment to sustainable energy with a goal to power the global AWS infrastructure with 100% renewable energy by 2025.
AWS is rapidly progressing towards meeting these goals by focusing on four complementary areas.
• First, AWS is continuously working on ways to increase the energy efficiency of its facilities and equipment, innovating the design and manufacture of its servers, storage, and networking equipment to reduce energy use and improve operational excellence as the business grows.
• Second, AWS works with industry associations, international, federal, and state governments to increase incentives and create a more favourable environment for renewable energy.
• Third, AWS works with its various power providers that supply AWS data centres around the world to increase the availability of renewables in their power supply while maintaining low prices.
• And fourth, AWS has funded many wind and solar PPAs to increase the overall amount of renewable energy available on the grids that serve AWS data centres.
These initiatives will be extended to the global AWS data centres over time.
Amazon is part of the American Council on Renewable Energy (ACORE – http://www.acore.org/) and participates in the U.S. Partnership for Renewable Energy Finance (US PREF – http://uspref.org/) to increase its work with state and federal policymakers and other stakeholders to enable more renewable energy opportunities for cloud providers.
Please visit https://aws.amazon.com/about-aws/sustainability/ for more details about AWS’s approach to sustainability.
ENVIRONMENTAL POLICY IMPACT B: Employee Energy and Resource Use
Below are the guidelines followed at the Company’s workplace settings and encouraged at employees’ remote work settings:
• Turning off lights, computers, and other equipment when not in use.
• Adjusting the thermostat to save energy during non-business hours.
• Using energy-efficient appliances and equipment where possible.
• Reducing paper use by printing double-sided and only when necessary.
• Using refillable water bottles and coffee cups instead of disposable ones.
• Recycling paper, plastics, and other materials.
• Using reusable bags and containers for lunch and snacks.
• Considering the environmental impact of your actions both at work and at home.
• Encouraging colleagues to adopt sustainable practices.
• Reporting any energy or resource waste to management