Chroma Software, Inc.®

Privacy and Cookies Notice

Last Reviewed: 07/15/2021

Chroma Software, Inc., a business corporation (herein “Chromatic”, “we”, “us” or “our”), based in the United States and headquartered at 548 Market St. #26384 San Francisco, CA 94104, is committed to protecting and respecting your privacy and personal information (herein, “personal information” refers to any information that identifies you or is about you as an individual).

This Privacy Notice describes how we collect, use and share personal information through your (herein, “you” or “your” refers to the person accessing our products and services) interaction with our website: https://www.chromatic.com/, (herein, “Website”).

Please read this Privacy Notice carefully so you can make an informed decision about your use of our Website.

Contents

  1. Scope of This Privacy Notice
  2. How We Collect Personal Information
  3. Categories of Personal Information We Collect
  4. How We Use Personal Information
  5. Legal Basis for Collecting and Using Your Personal Information
  6. Links to Third-party Websites
  7. Collection of Personal Information From Minors
  8. Sharing and Sale of Your Personal Information
  9. Protection of Personal Information
  10. How Long We keep Your Personal Information
  11. Where We Transfer Your Personal Information
  12. Cookies Notice
  13. Your Privacy Rights
  14. Questions and Contacts
  15. Changes to Our Privacy Notice

1. Scope of This Privacy Notice

This Privacy Notice applies to anyone who interacts with us through our Website, which manages our product and service offerings. This Privacy Notice provides details about the personal information we collect about you, how we use it, and how we protect and safeguard your personal information. This Privacy Notice also provides information about your rights as an individual, in relation to the personal information that we collect from you. These rights may commonly be referred to as your “Consumer Rights” under the California Consumer Privacy Act (“CCPA”) or your “Data Subject Rights” under the European Union General Data Protection Regulation (“GDPR”).

2. How We Collect Personal Information

We may collect personal information about you from various interactions on our Website. These interactions may include creating an account, placing an order, utilizing comments feature, or utilizing the chat bot. Other interactions may include signing up for our newsletter or other marketing materials, and through your contact and interaction with us on social media, blogs, surveys, and/or product feedback communications.

We may also collect certain online identifiers, which may be considered personal information, through your use of our Website. This information includes online activity information and technical information about your usage activities, to the extent that such information constitutes personal information. We may also set cookies on your web browser or use other tracking technologies when you interact with websites, applications, or advertisements in our network. This allows us to collect certain websites’ usage data and online identifiers which, under certain privacy regulations, may be considered personal information. However, in many cases such data may be aggregated or anonymized, and may only ever be used to attempt to identify you as an individual where we have a legal basis to do so (for example in the case of an investigation into fraudulent transactions). For more information, refer to our “Cookies Notice” in section 12 below.

3. Categories of Personal Information We Collect

We may collect, and may have collected in the past, any of the following categories of personal information from you:

  • Contact information, such as, postal address, email address, and phone numbers;
  • Personal Identifiers, such as your name, alias, signature, and other unique personal identifiers;
  • Financial details, such as details about your credit or payment card or payment account, including details of account numbers, payment details, or billing addresses;
  • Account Information, such as your username, and consent and preferences (e.g., to receive newsletters);
  • Credentials, such as passwords, password hints, and similar security information used for authentication and account access;
  • Commercial information, such as purchase history;
  • Geolocation data, such as physical location or movements;
  • We may collect information about interaction with, and responses to, our marketing communications;
  • Any personal information you send to us in emails, attachments, and other communications that you send us or otherwise contribute;

Data and online identifiers we collect through our Website (e.g., through cookies and other tracking technologies) may include IP addresses, preferences, web pages visited prior to coming to our Website, information about browser, network or device (such as browser type and version, operating system, internet service provider, preference settings, unique device IDs, language, and other regional settings), and information about how you interact with our Website (such as pages visited, timestamps, clicks, scrolling, browsing times, and load times). For more information refer to our “Cookies Notice” in section 12 below.

4. How We Use Personal Information

Your personal information may be used by us, our employees and service providers, and disclosed to third-parties for the following purposes:

  • Communicate with you, including by responding to questions or communications you send to us (e.g., as a response to communications you have sent via online webforms or email), and other relevant service or product-related announcements;
  • Perform our services, including personalizing Website user experience (e.g., delivering relevant content and product offerings), order fulfilment and fulfilling transactions, maintaining accounts and contracts, providing customer service, informing and updating our investors, monitoring disputes, or verifying information;
  • Notify you about changes to our products and services;
  • Manage our affiliate, distributor, and customer relationships, including to enforce or apply the agreements concerning you (including any applicable agreements between you and us);
  • Perform marketing, including providing relevant details and informational updates related to our products and services, or advertising our products and services online. This could include “remarketing” or “retargeting”, whereby users of our Website may be marketed to on other third-party websites through use of Marketing Cookies – see “Cookies Policy” section 12 below for further information. In addition to third-party cookies, remarketing may also involve our use of personal information (such as name and email address) collected from you in prior interactions, which may then be used to provide you with relevant updates, marketing, or other information related to your prior interactions with our products and services;
  • Administer promotions such as offering product discounts, giveaways, or other incentives;
  • Undertake monitoring, market research, trend analysis, and customer satisfaction survey activities to verify, maintain, or improve the quality and types of products and services being provided, including on our Website, or to handle and respond to complaints or questions, analyze your interactions with our products and services, or act on feedback you provide through surveys, product feedback, emails, etc.;
  • Audit our transactions and interactions, for purposes where we have legal grounds to do so, such as security or for regulatory compliance;
  • Detect, remediate, and, if applicable, prosecute any physical security or information security-related or criminal incidents, including protecting against any illegal activity such as fraud to ensure the security and integrity of our services;
  • Enforce our legal rights and comply with legal or regulatory obligations including in connection with court orders, complaints, or performance of identity verification to respond to certain requests for information, or to establish, make, or defend against legal claims;
  • Act in the public interest, in line with any laws that apply;
  • Evaluate job applications and business proposals (e.g., agreements or requests proposed by affiliates and distributors, or prospective affiliates and distributors);
  • Post customer product comments on our Website that may contain personal information, such as name. By submitting express written consent, your comment regarding your experience with our products/services could be potentially posted on our Website. If you wish to delete your comment, please contact us at privacy@chromatic.com and be sure to include your name, comment location, and contact information.

We process your personal information when we have a legal basis to do so. This includes:

  • Consent - You have consented to the use of your personal information in a particular way. When you consent, you can have the right to revoke your consent, however this does not necessarily mean it is possible or that we are obligated to cancel or reverse any previous actions taken based on any consent previously provided. Details of how to exercise your legal rights are outlined in section 13 below - “Your Privacy Rights”;
  • Legitimate Interest - We process certain personal information for the legitimate interests of Chromatic, our partners, or our customers. These legitimate interests include, for example, pursuit of our commercial activities and objectives; distribution of marketing materials through various channels such as by online advertising or social media, email, or physical mail; protection of our business, employees, customers, and other stakeholders; and research and analysis to monitor and improve our products, services and Website based on sales trends, our Website’s usage data, and similar data. We will rely on our legitimate interests for processing personal information only after balancing our interests and rights against the impact of the processing on individuals;
  • Performance of our Contract or fulfillment of our obligations as part of any transaction with you, or to take steps at your request before entering into a contract or transaction;
  • Other Legal Bases - We have a legal or regulatory obligation to collect and/or use your personal information, such as to comply with regulatory requirements or to comply with a court order or law enforcement request.

If you do not provide the relevant personal information to us, we may not be able to provide our Website and services to you.

Our Website may also contain links to and marketing from the websites of third-parties. We have no control over the content or operation of these websites, nor do we control the confidentiality or privacy practices of the website operators. Consequently, any personal information you submit through such website is governed by the privacy policies of the website in question. It is therefore your responsibility to find out about the third-party policies in order to protect your personal information when visiting these third-party websites.

7. Collection of Personal Information From Minors

Our Website is not designed or intended to attract children under 13 years of age, and we do not knowingly collect information from minors. By using our Website, you hereby represent that you are at least the age of legal majority in your place of residence.

8. Sharing and Sale of Your Personal Information

We may disclose your personal information to service providers and other third-parties. In the past, we may have disclosed to such third-parties any of the categories of personal information outlined in the above section 3, “Categories of Personal Information We Collect”, wherever we have legal basis for such sharing. However, we endeavor to share only the minimum relevant personal information that is required to fulfill the business purpose for sharing such personal information.

We may disclose, and may have already disclosed, personal information to the following categories of third-parties:

  • Our service providers - Our business partners, suppliers and sub-contractors who help us provide our Website, products and services. This includes, for example, our e-commerce platform providers, analytics providers, marketing and advertising service providers, website development and troubleshooting service providers;
  • Our professional advisers - Including accountants, lawyers and other professional advisers that assist us in carrying out our business activities;
  • Government authorities and third-parties involved in legal or regulatory action - External agencies and organizations (including the police and the relevant local authority) for the purpose of complying with applicable legal and regulatory obligations.

We may also disclose your personal information to other third-parties, for example:

  • In the event that we sell or buy any business or assets, or restructure our business or assets, we may disclose your personal information to the prospective affiliate, seller or buyer of such business or assets;
  • If we are under a duty to disclose or share your personal information in order to comply with any legal obligation.

While we do not sell personal information in exchange for monetary consideration, we do share, and may have already shared, personal information for other benefits that could be deemed a “Sale,” as defined by the CCPA in the California Civil Code 1798.140 section (t)(1). This includes sharing of identifiers (such as IP address or email address), commercial information (such as product interest), and internet or other electronic network activity usage data with advertising partners and networks, and our Website’s analytics companies. You have the right to direct us to not sell your personal information. Please see section 13 “Your Privacy Rights” for further details on how to exercise this right.

9. Protection of Personal Information

We use reasonable administrative, technical, and physical safeguards to protect your personal information, taking care of its integrity and availability and avoiding its damage, loss, alteration, destruction, or unauthorized use. Although we will do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to or via our Website and any transmission is at your own risk.

10. How Long We Keep Your Personal Information

We will retain your personal information for as long as is necessary for purposes for which it was collected. Those periods are also based on the requirements of applicable data protection laws, applicable legal and regulatory requirements and periods relating to the commencement of legal actions.

11. Where We Transfer Your Personal Information

We are headquartered in the United States and we will process your personal information in the United States. Your personal information will be transferred and stored in the United States.

If we transfer personal information outside the European Economic Area (EEA), Asia, or Australia, we will implement appropriate and suitable safeguards to ensure that such data will be protected as required by applicable data protection laws. For further information as to the safeguards we implement please contact privacy@chromatic.com.

12. Cookies Notice

This Cookies Notice applies when using our Website.

Cookie Overview and How They are Used on Our Website

Our Website uses cookies to distinguish you from other users of our Website. Cookies are pieces of information stored directly on the device you are using by your browser. Cookies allow us to recognize your device and allows our Website to remember certain information about you (such as marketing preferences or account information), and to perform analytics and other functions in relation to your, and others’, use of our Website. This helps us to provide you with a good, secure, and personalized experience when you browse our Website and allows us to improve our Website over time.

Cookies set by us on our Website, named “first-party” cookies, are used to help evaluate and enable performance and secure functionality of our Website. These may enable us to collect or remember certain usage data and data about your device. This may include data on website pages visited prior, during and after visiting our Website, clicks or interactions made with the pages on our Website, consents and preferences, time spent on our pages and date/timestamps of visits and interactions, device identifiers such as IP address or operating system type, and browser type.

We also use “third-party” cookies, which are cookies from a website domain other than our Website. These are used for our Website’s analytics, site functionality, security, and marketing efforts by sharing usage and device-related data with relevant third-parties.

We, and third-parties performing services on our behalf, may use cookies for security purposes (for example, in helping prevent fraud), to facilitate navigation, to display information more effectively, and to personalize your experience while using our services. In addition, we may use the information to gather statistical information about the usage of our services in order to understand how they are used, continually improve their design and functionality, and assist us with resolving questions about them. Cookies further allow us to present to you the advertisements or offers that are most likely to appeal to you. We may also use cookies to track your responses to our advertisements and we may use cookies or other files to track your use of other websites.

Web Beacon Overview and How They are Used on Our Website

The pages of our Website contain images (called a “single-pixel gif” or “web beacons”) that allow our third-party service providers and us to count page views or to collect other anonymous data. In general, any electronic image viewed as part of a web page, including an ad banner, can act as a web beacon. Web beacons are typically very small, usually 1 by 1 pixel in size, but their presence can be easily seen with your browser’s inspection tools. Web beacons are small in order to minimize both their display and their loading time. Our web beacons may collect, gather, monitor or share personal information about our online service visitors for web tracking purposes; they also may be used to compile anonymous, aggregated statistics about the usage of our online services.

For tracking purposes, we use web beacons on our Website along with other technical methods. We also employ third-party services (e.g., Twitter) that collect data remotely through the use of web beacons. This service then returns the completely anonymous data to us as site traffic reports.

Google Analytics

In addition to the cookies detailed below, we use Google Analytics to better understand your use of our Website and services. Google Analytics collects information such as how often users visit our Website, what pages are visited, and what other sites may have been used prior to visiting. Google uses the data collected to track and examine website usage, to prepare reports on its activities and share them with other Google services, and to contextualize and personalize the ads of its own advertising network. More information about how Google Analytics collects and processes data can be found here.

Google’s ability to use and share information collected by Google Analytics about your visits to our Website is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can also opt-out of and manage your preferences for Google’s use of personalized advertising and related cookies by visiting Google’s Ad Settings, and Google Analytics also offers an opt-out mechanism for the web available here.

Types of Cookies on Our Website

We use the following types of cookies for the following purposes:

Strictly Necessary Cookies: These cookies are essential for you to browse our Website and use its intended functionality, including accessing secure areas of our Website. These cookies cannot be opted-in or out of.

Performance Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Website. They help us to know which pages are the most and least popular and see how visitors move around our Website. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our site.

Functional Cookies: These cookies enable the Websites to provide enhanced functionality. They may be set by us or by third-party service providers whose services we have added to our pages (for example, embedding videos on webpages).

Marketing Cookies: These cookies may be set on our Website by our advertising and marketing service providers. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other sites. They are based on uniquely identifying your browser and internet device. This recognition is used to serve relevant adverts, links, or other information about our products and services to users visiting other websites after having previously visited our Website or interacted with our products and services. If you consent to these cookies, you may experience targeted advertising.

Do Not Track and Third-party Tracking Disclosure

Certain mechanisms may allow you to send web browser signals, known as “Do Not Track” (“DNT”) signals, indicating your choice to disable tracking on our Website. We do not respond to browser DNT signals at this time. We may not be aware of or be able to respond to every such mechanism.

Third-parties, other than our service providers (such as our Website’s analytics provider), do not have authorization from us to track which website you visited prior to and after visiting our Website. That said, we cannot control third-party tracking; therefore, there may be some third-party tracking that occurs without our knowledge or consent.

13. Your Privacy Rights

Depending on the jurisdiction you reside in, you may have certain rights in relation to the personal information we have collected about you. These rights are not absolute and do not apply in all cases. We will never discriminate against or provide discriminatory treatment to any individuals exercising their privacy rights under applicable regulations. If we are not able to meet your privacy rights request, we will explain why, and provide details of any further action you may take.

Your privacy rights are detailed below:

  • Right of Access/Right to Know: You may have the right to make a request for details of your personal information and a copy of that personal information. Depending on your residency (e.g., for California residents), this may also include rights to know:
    • The categories and specific pieces of personal information that we have collected about you;
    • The categories of sources from which the personal information is collected;
    • The business or commercial purpose for collecting or sharing your personal information;
    • The categories of third-parties with whom we share your personal information;
    • The categories of personal information that we have “sold” about you, as well as the categories of third-parties to whom we sold the information.
  • Right to Rectification: You may have the right to have inaccurate information about you corrected or removed;
  • Right to Deletion/Right to Erasure: You may have the right to have certain personal information about you deleted from our records;
  • Right to Restriction of Processing: You may have the right to ask us to use your personal information for certain restricted or specified purposes only; Right to Object to Processing: You may have the right to object to us collecting, using, sharing, or storing (collectively “processing”) your personal information in certain cases;
  • Right to Portability: You may have the right to ask us to transfer your personal information to another company or individual in a computer-readable format;
  • Right to Withdraw Consent: You may have the right to withdraw any permission (or “consent”) you have given us to handle your personal information;
  • Right in Relation to Automated Decision Making: You may have the right to not be subject to automated decision making, or the right to have a manual review of the decision, as well as be informed of information regarding the logic used to make any automated decisions;
  • Right to Complain or File a Dispute to the Relevant Data Protection Authority: You have the right to complain to the relevant data protection authority where you think we have not used your personal information or met your rights in accordance with relevant data protection law.
  • If you are a California resident, you have the right to direct us to not sell your personal information.
    • While we do not sell personal information in exchange for monetary consideration, we do share, and over the preceding twelve months may have shared, personal information for other benefits that could be deemed a “Sale,” as defined by the California Consumer Privacy Act in the California Civil Code 1798.140 section (t)(1). This includes sharing of identifiers (such as IP address or email address), commercial information (such as product interest), and internet or other electronic network activity usage data with advertising partners and networks, and website analytics companies.
    • With respect to our use of third-party marketing cookies, you can always customize your settings at any time. See Section 12 “Cookies Notice” for further information on how to do this.

To make a request related to the above privacy rights, please contact us via email at privacy@chromatic.com, providing us with details on the request type you wish to make.

Or, contact us by mail at the following postal address:

Chroma Software, Inc. ATTN: Privacy Office, 548 Market St. #26384 San Francisco, CA 94104, USA

EU residents can find the contact information for the EU Data Protection Authorities here: https://edpb.europa.eu/about-edpb/board/members_en.

14. Questions and Contacts

We hope this Privacy Notice has been helpful in explaining the way we handle your personal information and your rights to control it. For any questions or comments in relation to this Privacy Notice and our privacy practices in general, please contact our Privacy Office who will be pleased to help you by email at privacy@chromatic.com.

15. Changes to Our Privacy Notice

Any changes we make to this Privacy Notice in the future will be posted on this page. The updated Privacy Notice will take effect as soon as it has been updated or otherwise communicated to you.