Last updated: 1/31/2023
Abacus Data Systems, Inc. and its group companies (“CARET”, “we”, “us” and “our”) are committed to protecting and the privacy of our website visitors, customers, business partners, and end users.
CARET may, from time to time, handle personal information collected from individuals located within European Union member countries and Switzerland. CARET complies with the General Data Protection Regulation (“GDPR”) and both the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, onward transfer, processing and retention of personal information from European Union member countries and Switzerland. CARET has certified to the U.S. Department of Commerce that it, and its subsidiaries, adhere to the Privacy Shield Principles of: notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement, and liability. CARET is also registered with the Information Commissioners Office; our registration number is: Z6162526.
What information do we collect about you?
When you visit our Websites. We may collect personal information about you when you visit our Websites. Some information is provided by you. For example, first name, surname, address, telephone number, email address, job title, and organization (personally identifiable information, or “Personal Information”) when you complete our online form requesting information about our products or services. We may also gather contact information by pulling additional data from our vendors or other publicly available sources, in order to supplement the information you provide. We also collect personally identifiable information when you order or register our products or services, subscribe to marketing communications, request support, complete surveys, provide in product feedback, participate in any of our Website blogs or discussion groups, participate in an online live chat, or when you sign up for an CARET-sponsored event or webinar.
When you visit our Websites, we may also collect information that does not necessarily reveal your identity directly but may include information about the specific device you are using or location, such as the hardware model, operating system version, web- browser software (such as Firefox, Chrome, Safari, or Internet Explorer) and your Internet Protocol (IP) address/MAC address/device identifier. In some countries, including the European Economic Area, this information may be considered Personal Information under applicable data protection laws.
We also automatically collect and store certain information in server logs such as: statistics on your activities on our Websites, mobile apps, and products; information about how you came to and used our Websites, mobile apps, and products; your IP address; device type and unique device identification numbers, device event information (such as crashes, system activity and hardware settings, browser type, browser language, the date and time of your request and referral URL), broad geographic location (e.g. country or city-level location) and other technical data collected through cookies, pixel tags and other similar technologies that uniquely identify your browser. We may also collect information about how your device has interacted with our website, including pages accessed and links clicked. In some countries, including the European Economic Area, this information may be considered Personal Information under applicable data protection laws.
When you purchase our products. Purchasing CARET products or services, we may also collect billing and transactional information.
When using CARET products and services. In connection with using certain CARET products and services, we may automatically collect certain data relating to the performance and configuration of the CARET products and services, our customer’s and their end-users consumption of and interaction of such products and services (“Usage Data”). Usage Data is generally technical information obtained from product software or systems hosting the services, devices accessing these products and services and/or log files generated during such use which typically does not directly identify an end-user.
As it relates specifically to CARET Legal and Google User Data, we may access Google user data such as Google Emails, Calendars, Contacts and or Documents. Google Activity may also be accessed to track changes made to the User’s Google Account through the CARET Legal integrations.
How will we use the information we collect?
We may use information collected when you visit our Websites for the following business purposes:
- Provide you with CARET products and services, and to process transactions.
- Respond to your requests or provide information requested by you.
- Send administrative or account-related information to you.
- Manage your account and provide support or other services, such as product updates, fixes and product and service recommendations.
- Obtain and understand your feedback or user experience.
- Better understand our customers and end-users and the way they use and interact with CARET websites, mobile apps, products and services.
- Provide a personalized experience, and implement the preferences you request.
- Improve service reliability or improve features and functionality.
- Enhance security, monitor and verify identity or service access, combat spam or other malware or security risks.
- Provide you with marketing and promotional communications (where this is in accordance with the law).
- Determine the effectiveness of marketing and promotional campaigns.
- Post testimonials (with your prior consent).
- Communicate with you about our events or our partner events.
- Provide quality control and staff training.
To whom do we disclose information we collect?
We may share personal information about you with third parties in the following circumstances:
Partners: We may provide your information to our channel partners, such as distributors and resellers, to fulfill product and information requests, to effectively deliver unified support, and to provide customers and prospective customers with information about CARET and its products and services.
From time to time, CARET may engage in joint sales or product promotions with selected business partners. If you purchase or specifically express interest in a jointly- offered product, promotion or service, we may share relevant Personal Information with those partners.
Please be aware that CARET does not control our business partners’ use of such information. Our partners are responsible for managing their own use of the Personal Information collected in these circumstances. We recommend you review the privacy policies of the relevant partner to find out more about their handling of your personal information.
Vital interests: We may disclose information where we believe it necessary in order to protect the vital interests of any person.
Compliance with Laws: Compliance with laws or any competent law enforcement body, regulatory body, government agency, court or third party: we may disclose information where we believe disclosure is necessary or required (i) by law or regulation, in order to comply with legal process or government requests (including in response to public authorities to meet national security or law enforcement requirements); or (ii) to exercise, establish or defend our legal rights.
Legal Basis for Processing:
- With your consent: We may disclose your personal information for any purpose for which you have provided consent.
- Other legitimate business purposes: We may share your personal information when it is necessary for other legitimate purposes such as protecting CARET’s confidential and proprietary information or where necessary to support, respond to, and to provide our products and services to our customers.
How we secure your information
CARET maintains (and requires its service providers to maintain) appropriate organizational and technical measures designed to protect secure your information and to protect it against unauthorized or unlawful use and accidental loss or destruction, including:
- Employing physical access controls, encryption, Internet firewalls, intrusion detection and network monitoring depending on the nature of the information and the scope of processing.
- Providing access to your information to the minimum extent necessary, subject to confidentiality restrictions where appropriate, and on an anonymized basis wherever possible.
- Requiring our employees to keep all personal information confidential.
Your privacy rights
Updating Your Information: If you would like to update personal information that you have provided to us, please logon to https://portal.abacusnext.com and update your profile.
Marketing Communications: You can opt-out of receiving marketing communications from CARET by going to the CARET subscription center at https://go.abacusnext.com/lp/abacusnext-unsubscribe and unsubscribing. You can also opt out by clicking “unsubscribe” in any marketing email communications we send you, or by sending an email to email@example.com.
Additional Rights for the EEA and Certain Other Territories: If you reside in certain territories (such as the European Economic Area), you may have the right to exercise certain privacy rights available to you under applicable laws. We will process your request in accordance with the GDPR. We may need to retain certain information for record-keeping purposes and/or to complete transactions that you began prior to requesting any deletion. You can contact our Data Privacy and Protection office by sending an email to firstname.lastname@example.org.
Right not to provide consent or to withdraw consent: We may seek to rely on your consent in order to process certain personal information. Where we do so, you have the right not to provide your consent or to withdraw your consent at any time. This does not affect the lawfulness of the processing based on consent before its withdrawal.
Right of access: You may have the right to access the personal information that we hold about you.
Right of erasure: In certain circumstances, you may have the right to the erasure of personal information that we hold about you (for example if it is no longer necessary for the purposes for which it was originally collected).
Right to object to processing: You may have the right to request that CARET stop processing your personal information and/or to stop sending you marketing communications.
Right to correct: You may have the right to require us to correct any inaccurate or incomplete personal information.
Right to restrict processing: You may have the right to request that we restrict processing of your personal information in certain circumstances (for example, where you believe that the personal information we hold about you is not accurate or lawfully held).
If you would like to exercise any of the above rights, please contact compliance@getCARET.com so that we may consider your request under applicable law. To protect your privacy and security, we may take steps to verify your identity before complying with the request.
CARET has no direct relationship with our clients’ customers or third-party who’s Personal Information it may process on behalf of a Client. An individual who seeks access, or who seeks to correct, amend, delete inaccurate data or withdraw consent for further contact should direct his or her query to our client company they deal with directly. If our client requests CARET to remove the data, we will respond to its request within thirty (30) days. We will delete, amend or block access to any Personal Information that we are storing only if we receive a written request to do so from our client who is responsible for such Personal Information; unless we have a legal right to retain such Personal Information. We reserve the right to retain a copy of such data for archiving purposes, or to defend our rights in litigation.
California Privacy Rights: California Civil Code section 1798.83 requires us to disclose to our California customers, upon request, the identity of any third parties to whom we have disclosed Personal Information within the previous calendar year, along with the type of personal information disclosed, for the third parties’ direct marketing purposes. Please note that under California law, we are only required to respond to a customer request once during any calendar year.
In addition, California Business and Professions Code Section 22581 requires that we allow California residents under age 18 who are registered users of online sites, services, or applications to request and obtain removal of content or information they have publicly posted. Such requests should include a detailed description of the specific content or information to be removed. Please be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.
If you are a California resident and would like to make either type of request described above, please contact us at email@example.com.
CARET is subject to oversight by the ICO and the U.S. Federal Trade Commission. JAMS is the US-based independent organization responsible for reviewing and resolving complaints about our Privacy Shield compliance — free of charge to you. We ask that you first submit any such complaints directly to us via firstname.lastname@example.org. If you aren’t satisfied with our response, please contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield. In the event your concern still isn’t addressed by JAMS, you may be entitled to a binding arbitration under Privacy Shield and its principles.
You may also file a complaint with the ICO at: https://ico.org.uk/concerns/.
How long we retain your information?
When we have no justifiable business need to process your personal information, we will either delete or anonymize it, or if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
What are Cookies and how do we use them?
Cookies are small files that a site transfers to your computer’s hard drive through your web browser that enables it to recognize your browser and capture and remember certain information. A cookie cannot read data off of your hard drive or read cookie files created by other sites.
Cookies may do things like allow you to navigate faster through the site, remember your preferences, passwords, and generally improve the user experience. You can turn off the ability to receive cookies by adjusting your browser settings — please note that if you do so, this may affect the functionality of the website and the information you can access through it.
Our Websites, products, and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from such individuals. If you become aware that a child has provided us with Personal Information, please contact us at email@example.com. If we become aware that an individual under the age of 18 has provided us with personal information, we will take steps to delete such information.
International transfers of information
Personal information, including personal information collected in the European Economic Area (“EEA”) or Switzerland, may be transferred, stored, and processed by us and our services providers, partners, and affiliates in the United States and potentially other countries whose data protection laws may be different to the laws of your country, for example to Canada.
We will not transfer Personal Information originating in the EU or Switzerland to third parties unless such third parties have entered into an agreement in writing with us requiring them to provide at least the same level of privacy protection to your Personal Information as required by the Principles of the EU-US Privacy Shield Framework or the Swiss-US Privacy Shield Framework. We will only transfer data to our agents, resellers, or third-party service providers (such as accountants, attorneys, consultants, and other service providers) who need the information in order to provide services to or perform activities on behalf of CARET; including in connection with the delivery of services or products, CARET’s management, administration, or legal responsibilities. We acknowledge our liability for such data transfers to third parties.
How to contact us
Attn: Sr. Cyber Security & Compliance Engineer Abacus Data Systems, Inc. 3262 Holiday Court
La Jolla, CA 92037