Brafton, Inc. (“Brafton” or “we”) respects your privacy and is committed to protecting it through our compliance with this statement. This Privacy Statement (“Statement“) describes the types of Personal Information, as defined below, we may collect from you or that you may provide when you use visit our websites, including www.brafton.com, whether through a computer or on a mobile device. This Statement is intended to be read by and pertains to processing of Personal Information provided by Brafton’s customers and users of Brafton.com (“you” or “your“).
This Statement is also a notice to California residents, to comply with the California Consumer Privacy Act of 2020 (CCPA) and any terms defined in the CCPA have the same meaning when used in this notice. Under such regulation, Brafton is at all times acting in its capacity as a Service Provider – processing information on behalf of its customers and website visitors in a business to business setting.
Please read this Statement carefully to understand our policies and practices regarding your Personal Information and how we will treat it. When you visit Brafton.com, you consent to our collection and use of information about individuals as described below.
If you do not agree with our policies and practices, your choice is not to visit Brafton.com. This Statement may change from time to time. Your continued use of the Brafton Solution(s) after we make changes is deemed to be acceptance of those changes, so please check the Statement periodically for updates.
This statement applies to Personal Information we collect:
- On Brafton.com whether on a computer or a mobile device;
- In email, text, and other electronic messages between you and Brafton, Inc.
- where such collected information identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or device. (collectively “Personal Information“).
Personal Information has different meanings depending upon which regulation is applicable to it. Brafton has taken a comprehensive approach and individuals can also rely on the applicable regulatory definition of personal information when interpreting this Statement.
Personal Information does not include:
- Publicly available information from government records;
- Information received from the business relationship which has been de-identified or aggregated;
- De-identified information is information that on its own, or together with a subset of data, cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular person.
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and any comparable state regulation (as applicable); or
- Personal information covered by the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), the Driver’s Privacy Protection Acts of 1994, or any comparable state regulations (as applicable)).
In particular, Brafton has collected and processed the following categories of Personal Information from its visitors and potential prospects through the methods described above within the last twelve (12) months.
Category: Examples (not intended to be exhaustive)
Identifiers, including Personal Information listed in customer records statutes: Real name; postal address; email address; telephone number; Internet Protocol address; device identifiers; employment, including current and historical; other device identifiers including the operating system, browser type, network information; or other similar identifiers.
Geolocation data: Physical location of users, generally and specifically.
Brafton obtains the categories of Personal Information listed above from the following categories of sources:
- Directly from you – Personal Information that you input into Brafton.com forms.
- Indirectly from you. For example, from observing User actions on Brafton.com.
- Records and copies of your correspondence (including email addresses), if you contact us through email correspondence.
- Third-party sources – Name, company, title, email address, phone number and other PI from sources such as Zoom.info and Discover.org for customized marketing activities.
The technologies we use for data collection may include:
USE OF YOUR PERSONAL INFORMATION
How We Use Your Personal Information
Brafton does not disclose, share or sell your Personal Information to third-party businesses. However, we may be compelled to share your information:
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- To enforce or apply any agreements, including for billing and collection purposes.
Brafton will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Choices About How We Use and Disclose Your Personal Information
We strive to provide you with choices regarding the Personal Information you provide to us. We have created mechanisms to provide you with the following control over your Personal Information:
- Promotional Offers from Brafton. If you do not wish to have your email address/contact information used by Brafton to promote our own products or services, you can opt-out by unsubscribing within the email sent to you or by sending us an email stating your request to opt-out of marketing communications to email@example.com. If we have sent you a promotional email, please use the above 2 methods and do not send us a return email asking to be omitted from future email distributions as the sending email address might not be able to accept incoming email.
The website has industry standard security measures in place to protect the loss, misuse, and alteration of the information under our control. We have implemented measures designed to secure Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure.
The safety and security of your Personal Information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of Brafton’s website. you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to, through, or by Brafton. Any transmission of Personal Information is at your own risk.
Minors and children should not use the Website.
If you browse our website, third parties may set cookies in your browser to enable targeted advertising.You can opt out of this advertising at youronlinechoices.com.
PERSONAL INFORMATION RIGHTS AND CHOICES
Certain regulations (including the CCPA) provide individuals with specific rights regarding their Personal Information. Brafton is at all times a Service Provider (as defined in CCPA) or Controller (as defined in the European General Data Protection Regulation) of the Personal Information. As such, Brafton will not substantively respond to any individual exercising such a right. If we receive a query regarding the below rights from an individual about which you inputted Personal Information, we will direct that individual back to you as the Brafton customer who controls the Personal Information.
This section describes your rights and explains how to exercise those rights.
If you receive a query regarding the below rights from an individual about which you inputted Personal Information, you should be able to respond to that request without additional assistance from Brafton. Please limit requests for Brafton assistance to those that relate to specific third parties with which we have shared the Personal Information or with regards to archive and back-up information, if so affected by the request.
(1) Access to Specific Personal Information and Data Portability Rights
You may access, update, correct or extract any and all Personal Information from Brafton.
For both Personal Information relating to users and the third parties about which you inputted Personal Information, you have the right to request that Brafton disclose certain Personal Information to you about our collection and use of the Personal Information over the past twelve (12) months. Once we receive and confirm your verifiable individual request we will disclose to you:
- The categories of Personal Information we collected about you or an individual about which you inputted Personal Information.
- The sources for the Personal Information we collected about you or an individual about which you inputted Personal Information.
- Our business or commercial purpose for collecting that Personal Information.
- The categories of third parties with whom we share that Personal Information.
- The specific pieces of Personal Information we collected about you or an individual about which you inputted Personal Information (also called a data portability request).
(2) Deletion Request Rights
You may request to delete any and all Personal Information you have inputted.
You have the right to request that Brafton delete any Personal Information about you or that you have inputted that was collected and retained, subject to certain exceptions including regulatory data retention requirements. Once we receive and confirm your verifiable individual request, we will delete (and direct our service providers to delete) the Personal Information from our records, unless an exception applies.
We may deny your deletion request if retaining the Personal Information is necessary for us or our third party service provider(s) to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation, including, but not limited to, compliance with applicable state and federal regulations that govern retention of Personal Information.
- Make other internal and lawful uses of that Personal Information that are compatible with the context in which you provided it.
(3) Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable request to us through to firstname.lastname@example.org.
Only you may make a verifiable request related to Personal Information that we collected from you or your users. You may make a verifiable request as the individual that the Personal Information is about (the user) or on behalf of an individual whose Personal Information you have provided to us, in such a case you must provide the verification of that individual.
You may only make a verifiable request for access or data portability twice within a 12-month period. The verifiable request must:
- Provide sufficient information that allows us to reasonably verify you are either i) the person about whom we collected Personal Information or ii) an authorized representative which inputted the Personal Information
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you or an individual about which you inputted Personal Information.
We will only use Personal Information provided in a verifiable request to verify the requestor’s identity or authority to make the request.
(4) Response Timing and Format
We endeavor to respond to a verifiable request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
We will deliver our written response by mail or electronically, at your option and direction.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the Personal Information from one entity to another entity without hindrance.
We will not discriminate against you for exercising any of your Personal Information rights. Unless permitted by applicable regulations, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
CHANGES TO OUR PRIVACY STATEMENT
Brafton reserves the right to amend this Statement at our discretion and at any time.
Last Updated and Effective: December 30, 2019.