Cherwell Software Privacy Statement
Who are We?
For the purposes of the Data Protection Act 1998, the data controller is Cherwell Software, LLC, including its subsidiaries and affiliates (collectively, “Cherwell”).
This Privacy Statement describes Cherwell’s privacy practices in relation to the use of the Company’s Websites (as defined below). By using the Websites, you consent to the terms of this Privacy Statement. IF YOU DO NOT CONSENT TO THIS PRIVACY STATEMENT IN ITS ENTIRETY, YOUR SOLE AND EXCLUSIVE REMEDY IS TO IMMEDIATELY CEASE USE OF THE WEBSITES.
This Privacy Statement covers the information practices of websites that link to this Privacy Statement, which include https://www.cherwell.com and its subdomains (the “Websites”).
Information you give to us. In general, you can visit the Websites without telling us who you are or revealing any personal information about yourself. In some cases, you may be required to provide personal contact information if you are, for example, interested in obtaining additional information about Cherwell’s products or services, requesting access to certain content, inquiring about a Cherwell partner program, registering for an event, or participating in discussions taking place within the Cherwell Community or blog, or a customer of Cherwell's products or services. In such instances, depending on the nature of your request or your status as a customer of Cherwell's products or services, you may be asked to provide personal contact information including, but not limited to, name, email, phone number, location (country and state/province), company name, company country and city, business email, business phone number, and job title (collectively, “Personal Data”).
Information we collect about you. With regard to each of your visits to our site we will automatically collect the following information:
- technical information, which may include the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
- information about your visit, which may include the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
Information we receive from other sources. We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). We may receive some of the above detailed information from those third parties. For more information about the third parties we exchange information with see the “Information Disclosed to Third Parties” section below.
Use of Information Collected
Cherwell uses your Personal Data to contact you about the products or service on our Websites in which you have expressed interest. If you are a customer of Cherwell’s products or services, then we may use your Personal Data to provide you with implementation services and/or technical support related to your use of Cherwell’s software or to inform you about new software products and services or updates to existing products and services.
Cherwell may also use your Personal Data to improve both the usability of our Websites and our user support procedures and to help prevent misuse of our system, as well as for the following purposes:
- to ensure that content from our site is presented in the most effective manner for you and for your computer;
- for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to allow you to participate in interactive features of our service, when you choose to do so;
- as part of our efforts to keep our Websites safe and secure;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
- to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
Information we receive from other sources. We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Information Disclosed to Third Parties
Cherwell may share your Personal Data with contracted service providers so that these service providers can provide services on Cherwell’s behalf, such as analytics and search engine providers that assist us in the improvement and optimization of our Websites, email services, software support services, implementation services, and reselling services. These companies are authorized to use your Personal Data only as necessary to provide the services for which they were contracted to provide to Cherwell.
Partners receive your data when you visit or use their services or through third parties they work with. We require each of these partners to have lawful rights to collect, use and share your data before providing any data to us. We will also disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
- If all of or substantially all of Cherwell’s assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
Marketing Communications: Choice/Opt-Out
If you have given permission, we may share your personal data with organizations who are our business partners and we or they may contact you (unless you have asked us or them not to do so) by telephone, sms (text) and email about products, services, promotions, special offers that may be of interest to you.
Where you are an existing customer we may contact you by email or telephone about products, services, promotions and special offers where we have determined that it is in our legitimate interests to do so.
Where you have given your permission and you change your mind and you no longer wish to receive our newsletter and promotional communications, you may unsubscribe or opt-out of receiving them by following the instructions included in each newsletter or communication or by emailing us at email@example.com.
Generally, if you are a customer of Cherwell’s products and services, you may not opt-out of software service or technical support related announcements, which are not promotional in nature. If you do not wish to receive these announcements, please contact firstname.lastname@example.org.
Cherwell will also offer you the opportunity to choose (opt-out) whether your Personal Data is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by you. Questions regarding procedures, or requests to opt-out, should be directed to email@example.com.
See further “Your Rights”, below for more information about what you can do in relation to your Personal Data collected and used by us.
All information you provide to us is stored on secure servers. As a company providing services internationally, we may receive and transfer information all over the world. Consequently, your personal information may be used, stored and processed outside of the country where you entered that information or from which we collected it. It may also be processed outside the location from which it was collected by staff operating in a different location who work for us or for one of our suppliers. This includes staff engaged in, among other things, the fulfilment of your order and the provision of support services.
You can obtain more information about the locations where your data is stored and transferred to, including the identity of third party suppliers and their locations and processing activities by contacting us: firstname.lastname@example.org.
Whenever we transfer your personal information out of the European Union, we ensure a similar degree of protection is afforded to it by ensuring that the organisation to which it is transferred is E.U.-U.S. Privacy Shield Framework certified or alternatively that at least one of the other safeguards listed below is implemented.
To learn more about the Privacy Shield program, and to view our certification (where you will find details of what information is sent to Cherwell Software LLC, and the purposes for which it processes it), please see www.cherwell.com/privacy-shield.
If you have a concern about the way your data has been handled when it was collected by Cherwell Software LLC in the United States using the Privacy Shield Framework, please refer to the “Questions and Complaints” section below.
Adequacy: the transfer is made only to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission. For further details, see European Commission webpage on Adequacy: https://ec.europa.eu/info/law/law-topic/data-protection_en, or
EU Model Contracts/Standard Contractual Clauses: where the party is outside of the European Union, not in a country subject to an adequacy decision and not privacy shield certified, we enter into specific contracts approved by the European Commission which give personal information the same protection it has in Europe. For further details, see European Commission webpage on Model Contract Clauses: https://ec.europa.eu/info/law/law-topic/data-protection_en.
Data Integrity and Security
The security of your Personal Data is important to us. We follow generally accepted standards to protect the Personal Data you submit to us, both during transmission and once we receive it. We follow generally accepted industry standards to protect the Personal Data submitted to us. While we will use all reasonable efforts to safeguard your personal data, you acknowledge that no method of transmission over the Internet, or method of electronic storage, is 100% secure, therefore, we cannot guarantee its absolute security and integrity of any personal data that are transferred from you or to you via the internet; any transmission is at your own risk.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Websites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
If you have any questions about security on our Websites, you may contact us at email@example.com.
We keep your data for so long as it is necessary to fulfill the purpose for which it was collected. Therefore, we will retain your Personal Data for as long as your account is active or as needed to provide you services. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
For example, we may retain your Personal Data after termination of our agreement with you or closure of your account in the following circumstances:
- to comply with our legal obligations e.g. keeping of financial records for up to 6 years plus 1 year,
- to resolve disputes e.g. if you have rasied a dispute against us which may result in a claim then we may need to keep your data for the statutory limitation period and beyond if a claim is raised until the claim is resolved/settled,
- to enforce our agreements e.g. if your agreement has been terminated for breach then we may keep your data after termination to ensure that your account is properly closed.
If you wish to cancel your account or request that we no longer use your Personal Data to provide you services, contact us at firstname.lastname@example.org.
Right to ask us to stop contacting you with direct marketing. Even if you have accepted the processing of your personal data for marketing purposes (by ticking the relevant box), you have the right to ask us to stop processing your personal data for such purposes. Let us know what method of contact you are not happy with if you are unhappy with certain ways of contacting you only (for example, you may be happy for us to contact you by email but not by telephone).
Right to request a copy of your information. You can request a copy of your information which we hold (this is known as a subject access request). If you would like a copy of some or it, please contact us and let us know the information you want a copy of, including any account or reference numbers, if you have them. Any subject access request may be subject to a reasonable fee to cover the cost of providing you with details of the information we hold about you.
Right to correct any mistakes in your information. You can require us to correct any mistakes in your information which we hold free of charge. If you would like to do this, please contact us and let us know the information that is incorrect and the information you want it replaced with.
Right to request we cease processing your information. You may request that we cease processing your Personal Data. If you make such a request, we shall retain only the amount of personal data pertaining you that is necessary to ensure that no further processing of your Personal Data takes place. Please note that if you exercise this right and you have contracted for a service from us we may not be able to continue providing the service.
Right to request deletion of your information. You can ask us to erase all your Personal Data (also known as the “right to be forgotten”) in the following circumstances:
- it is no longer necessary for us to hold that Personal Data with respect to the purpose for which it was originally collected or processed;
- you wish to withdraw your consent to us holding and processing your Personal Data;
- you object to us holding and processing your Personal Data (and there is no overriding legitimate interest to allow us to continue doing so);
- the Personal Data has been processed unlawfully; or
- the Personal Data needs to be erased in order for us to comply with a particular legal obligation.
Unless we have reasonable grounds to refuse to erase your Personal Data (e.g. because it is necessary to continue to process it in order to provide a service which you have contracted), all requests for erasure shall be complied with.
Right to take your data with you. The right to data portability only applies:
- to personal data you’ve provided to us (i.e. not any other information),
- where we are processing your personal data because you have provided your consent for us to do so, or under a contract with you; and
when processing is carried out by automated means.
We can refuse your data portability request if the processing does not satisfy the above criteria. Also, if the personal data concerns more than one individual, we may not be able to transfer the information to you if doing so would prejudice the other person’s rights.
To exercise the above rights to object to processing, review, update, make changes, or delete your Personal Data, please send an email to email@example.com.
Cookies and Other Technical Information
We employ the use of “cookies” to enhance your online experience and to store preferences, record which session information, record user-specific information on pages you access or visit, alert you to new areas that we think might be of interest to you when you return to our Websites, record past activity at our Websites in order to provide better service when you return to our Websites, to better target any display advertising, and customize site content based on your browser type or other information that you send. Cookies are files that can identify you as a unique customer and store your personal preferences as well as technical information (including click through and click stream data). Cookies can either be permanent (i.e., they remain on your computer until you delete them) or temporary (i.e., they last only until you close your browser).
We may also use “Web beacons” that monitor your use of our Websites. Web beacons are small strings of code that provide a method for delivering a display advertisement on a webpage for the purpose of transferring data, such as the Internet Protocol (“IP”) address of the computer that downloaded the page on which the Web beacon appears, the Uniform Resource Locator (“URL”) of the webpage on which the Web beacon appears, the time the webpage containing the Web beacon was viewed, the types of browser that fetched the Web beacon and the identification number of any cookie on the computer previously placed by that server. When corresponding with you via HTML capable e-mail, Web beacons let us know whether you received and opened our e-mail.
Third party vendors may show you our ads on websites across the Internet. We and third party vendors use first-party cookies and third party cookies together to inform, optimize, and serve ads based on someone’s past visits to the Websites.
Links to Other Websites
Cherwell’s Websites contain links to other websites, for example those of our value-added resellers or solutions partners, that are not owned or controlled by Cherwell. We are not responsible for the privacy practices of these other websites and encourage you to read the privacy policies of these websites.
Social Media Features and Widgets
We may display personal testimonials of satisfied customers on our Websites. If you wish to update or delete your testimonial, you can contact us at firstname.lastname@example.org.
If an account/profile was created without your knowledge/authorization, please contact us at email@example.com to request removal of the profile.
To request removal of your Personal Data from a Forum, contact us at firstname.lastname@example.org. In some cases, we may not be able to remove Personal Data that you submitted on a Forum, in which case we will let you know if we are unable to do so and why.
Questions or Complaints
You may contact us about any questions or concerns you may have regarding the use or disclosure of your Personal Data at email@example.com.
If you have any complaints about the way in which we collect, store and use your information, and these have not been addressed by contacting us first, you can contact the supervisory authority in the United Kingdom, the Information Commissioner’s Office: https://ico.org.uk/concerns/ or you can contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield. For residual complaints not fully or partially resolved by other means, you may be able to invoke a binding arbitration mechanism.
Complaints relating to Privacy Shield
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us as specified above.
[We have further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland. For more information on the rules and procedures of the EU Panel of DPAs see: http://ec.europa.eu/newsroom/document.cfm?doc_id=42963
Legal Disclaimer; Compelled Disclosure
We reserve the right to disclose information collected through our Websites, including your Personal Data, when we believe that disclosure is necessary to protect our legal rights, protect your safety or the safety of others, investigate fraud, respond to a government request or to comply with a legal proceeding, court order, law, rule or regulation.
U.S. Federal Trade Commission enforcement: Cherwell Software LLC’s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
If Cherwell is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Websites of any change in ownership or uses of your Personal Data, as well as any choice you may have regarding your Personal Data.
Changes in this Privacy Statement
We reserve the right to modify this Privacy Statement at any time, so please review it frequently. If we decide to change our Privacy Statement, we will post those changes to this Privacy Statement. If we make any material changes, we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on www.cherwell.com/privacy-statement prior to the change becoming effective. However, it is your responsibility to check the Websites on a regular basis for updates to the Privacy Statement.
Last updated: May 25, 2019