Effective march 20, 2019

Introduction

Passage Technology, LLC, an Illinois limited liability company (“Company”) is dedicated to protecting your personal information and informing you about how we use your information. This Privacy Policy applies to your use of any Company-owned websites, software, Salesforce Apps, or associated services (collectively the “Services”). This Privacy Policy should be read in conjunction with the Master Subscription Agreement when you are required to review the Master Subscription Agreement as this Privacy Policy has been wholly integrated into the Master Subscription Agreement. Where no definitions are given, any proper nouns will have the same definitions and meanings as defined by the Master Subscription Agreement. Please review this Privacy Policy periodically as we may revise it from time to time without notice. If you do not agree with or accept our Privacy Policy in its entirety, you must not access or use the Services. Salesforce.com, Inc.’s (“Salesforce”) full Privacy Statement contains additional information about that company’s privacy practices, which are relevant to your use of certain Services. Salesforce has certified certain service offerings under the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. For more information on Salesforce’s Privacy Shield compliance, please click here.

Information Collected

We gather various types of Personally Identifiable Information (“PII”) from users of the Services, as explained more fully below. We may use this PII to personalize and improve the Services, to allow users to set up a user account, to contact users, to fulfill your requests for certain products and services, to analyze how users utilize the Services, and as otherwise set forth in this Privacy Policy. We may share certain types of PII with third-parties, as described below. For the purposes of this Privacy Policy the phrases PII, personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed or otherwise anonymized.

If you are a visitor to any Company-owned website, you may provide PII (e.g., name, address, telephone number, email address, company name, referring company name and/or referring contact) directly to us by completing a form, such as the contact us form on www.passagetechnology.com (link), to learn more about our Services, use interactive features of Company-owned websites, become a registered user of the Services, subscribe to a blog and emails, participate in surveys, contests, promotions or sweepstakes, or otherwise communicate with us. We may use the PII you provide to us and as directed by you to do the following: create an account, fulfill your request for a demo, subscribe you to marketing communications, reply to your contact request, process billing if you are a customer, provide referral attribution, or otherwise take action related to the purpose for which you have supplied us your PII. Our marketing communications may include contacting you by email or using other various methods of communication, to further contact you regarding your interest in our Services and to send you information regarding the Services, including information about promotions or events. Should you inquire about or purchase any Services utilizing a Company website, the information you supply during this process may be used to track details about those inquiries or purchases.

If you register to attend or attend a Company-sponsored event or other event in which Company participates, you will be required to provide certain PII to us (e.g., name, address, contact info.). You will also be subject to additional terms and conditions regarding your participation in the event that reference this Privacy Policy. We may use this information to reserve your participation in the event, verify your right to participate, and we may use it to track access to facilities and as otherwise described in the separate terms and conditions that apply to the event. We may also use this information for marketing purposes and customer follow-up activities to obtain your feedback.

Personally Identifiable Information Collected Via the Services

Except where you are required to register or login, you will not be required to provide us with any information when you visit our Services. However, portions of our Services may require you to submit PII to us. During your use of the Services we may collect your name, email, address, telephone number, company name and address, organization information, and other identifying details, including the identifying details of others with whom you have opted to share with us. You acknowledge that at any time when you utilize any referral forms or otherwise share third-party PII with us, that you have the referred person’s permission to share their PII with us. Any PII you submit via the Services shall be used and disclosed in accordance with this Privacy Policy. We may also collect payment information that you make available to us for your use of the Services. Please be aware that this payment information shall be stored by third party payment processors and be subject to their Privacy Policy.

Whenever you interact with the Services or Company-owned social media account, partner networks, Company events, and Company services, we automatically receive and record information on our server logs from your browser including your IP address, “cookie” information, and the page you requested. “Cookies” are identifiers we transfer to your computer or mobile device that allow us to recognize your browser or mobile device and tell us how and when pages and features in our Services are visited and by how many people. You may be able to change the preferences on your browser or mobile device to prevent or limit your computer or device’s acceptance of cookies, but this may prevent you from taking advantage of some of our features. If you click on a link to a third-party website, such third-party may also transmit cookies to you. This Privacy Policy does not cover the use of cookies by any third-parties and you should review that company’s Cookie Policy for a more comprehensive overview of its applicable practices.

Non-Identifying Information

Whenever you use our Services, we may collect non-identifying information from you, such as but not limited to: your IP address, job title, industry, how you first heard about us, interactions with the Services, query information, location information, pricing data, research history, location and GPS information, referring URL, browser, application interaction, mobile provider information, operating system, data usage, data transferred, and Internet Service Provider.  

Anonymized Data

Please be aware that we me may collect and aggregate PII from our Services and may anonymize that information for our own research or internal purposes. Once such data has been anonymized, it cannot be traced back to you, the user.

Use of Your Information

This section explains how we plan on using your information submitted by us. In order to use our Services, you agree that we may use your PII:

  • To enhance or improve your user experience.
  • To share with users of the Services.
  • To improve the Services.
  • To email you newsletters and marketing as required.
  • To understand how you communicate and use our Services.
  • To contact and correspond with you and to respond to your inquiries.
  • To establish an account and use the Services. We may ask for and collect PII about you such as your name, address, phone number, email address, company name and the like when you register for an account to use our Services, including when you are acting on behalf of a customer, typically an organization or company. In addition, if you are an individual authorized user of our Services pursuant to a Master Subscription Agreement or similar agreement (“MSA”) between Company and one of our customers, the MSA might impose additional restrictions on Company’s use or collection of PII. We communicate with our customers on a regular basis via email, and we may also communicate by phone to resolve customer cases,investigate suspicious transactions, or for promotion purposes. We may use your email address to confirm your opening of an account, to send you notices regarding payments, software updates, or to send notices and other disclosures as required by law. Generally, customers cannot opt out of informational communications relevant to their accounts.
  • As part of the customer content processed when using the Services. Our customers use the Services to store, manage, and manipulate important business data, documents, and materials, i.e., their “customer content”. This data may include PII to the extent our customer has included it. They upload this data to our Services, and exclusively control and manage it. This data may include PII. In this context, Company acts as a data “processor” on behalf of our customer, and the customer is the data “controller.” The terms “processor” and “controller,” as used in this Privacy Policy, have the meanings given to them in Article 4 of the GDPR, regardless of whether the GDPR applies to you. As the data controller, the customer is directly responsible to the individuals to whom the PII relates, including for correcting, deleting or updating PII they have collected from you and are storing using our Services. Company does not use any PII within customer content, except to the extent it is processed by Company in connection with operating and providing Services to our customers. While we are contractually obligated to our customers to maintain the confidentiality and privacy of customer content, including PII, typically no person at Company will have a need to access this PII, except to the extent necessary to address technical issues related to our Services, as instructed by our customer, as necessary to otherwise fulfill our contractual obligations to our customer, or as otherwise required by law. Our Customers are solely responsible for establishing their own data privacy and security policies and for their compliance with all applicable laws and regulations, agreements or other obligations relating to the PII of individuals with whom they interact. Nevertheless, we acknowledge that individuals have various rights and options regarding their PII, and we work with our customers to help them provide notice to their customers – including individuals – concerning the purposes for which they use our Services to process the PII of their customers. If our customer requests us to remove your PII from their customer content – the data stored by our Services – we will respond to their request promptly.

Additionally, we may give your information to law enforcement if we are compelled to by a court order, if there has been a violation of any US laws, international laws or if a violation of any other agreements or the Privacy Policy has occurred.

Accessing, Editing, and Removing Your Information

If you have submitted information to our Services you will be unable to edit that information. When using our Services you may be able to access and edit your information via the Services dashboard.  However, you will be unable to opt out of any of our data collection practices via the Services. If at any time, you have any questions or wish to review, change, opt out of certain data collection practices, or delete any of your information collected by us, please contact us at support@passagetech.com.  Additionally, if you would like us to permanently remove any accessible copies of your information, please follow the instructions listed within the “removal of information” section and contact us at support@passagetech.com. After you have cancelled your account please be aware that we may keep inaccessible copies of your information for a commercially reasonable period of time for business and legal purposes

Removal of Information

If you wish to have any of your personal information stored by Company in connection with the Services removed, please contact us at support@passagetech.com. With each removal request you must list the information you wish to have removed exactly as listed.  Please be aware that removal requests are not processed instantaneously. There may be a reasonable delay in removing any information requested.

As Company collects data from multiple sources a single removal request may not eliminate all of your personal information listed in our database. Therefore, you may be required to submit multiple requests. If your information repeatedly reappears please contact us.

You may make a removal request by email at support@passagetech.com, please label the subject of the email with the following “Removal Request – [Insert Your Full Name] and [Insert the Name of the Product You Ordered]”.

Choices About How We Use and Disclose Your Information

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:

  • Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe's website. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.
  • Promotional Offers from Us. If you do not wish to have your contact information used by us to promote our own or third-parties' products or services, you can opt-out by sending us an email stating your request to marketing@passagetech.com. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions, or, if available, use the unsubscribe/subscription update preferences links in the footer of the email.

We do not control third-parties' collection or use of your information to serve Interest-based advertising. However these third-parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative at: http://optout.networkadvertising.org/?c=1.

Cookies and Other Tracking

Our current Services uses cookies in accordance with our Cookie Policy.

Third Party Access to Your Information

Although you are entering into an Agreement with Company to disclose your information to us, we do use third-party individuals and organizations to assist us, including contractors, web hosts, and others to allow you to access the Services.

Throughout the course of our provision of the Services to you, we may delegate our authority to collect, access, use, and disseminate your information. It is therefore necessary that you grant the third-parties we may use in the course of our business the same rights that you afford us under this Privacy Policy.  For this reason, you hereby agree that for every authorization which you grant to us in this Privacy Policy, you also grant to any third-party that we may hire, contract, or otherwise retain the services of for the purpose of operating, maintaining, repairing, or otherwise improving or preserving our Services or its underlying files or systems. You agree not to hold us liable for the actions of any of these third-parties, even if we would normally be held vicariously liable for their actions, and that you must take legal action against them directly should they commit any tort or other actionable wrong against you.  

Law Enforcement

You agree that we may disclose your information to authorities if compelled to by a court order.  Additionally, you agree that we may disclose your information if we reasonably believe that you have violated any US laws or the terms of any of our agreements with you or if we believe that a third party is at risk of bodily harm. In the event that we receive a subpoena affecting your privacy, we may elect to notify you to give you an opportunity to file a motion to quash the subpoena, or we may attempt to quash it ourselves, but we are not obligated to do either. We may also proactively report you and release your information without receiving any request to third-parties where we believe that it is proper to do so for legal reasons, where your actions violate any laws of the US or any other country having jurisdiction over us, our services, or the Services. You release us from any damages that may arise from or relate to the release of your information to a request from law enforcement agencies or private litigants. We may release your information under the conditions listed in this paragraph whether it is to individuals or entities and to any state or national authorities, as required.

Commercial, Non-Commercial Communications and Do Not Track

If you decide to provide us with your contact information, you agree that we may send you communications via text, phone, and email. However, you may unsubscribe from certain communications by notifying marketing@passagetech.com that you no longer wish to receive these communications, we will endeavour to promptly remove you from our notification listings once we have received that request. We currently do not offer website functionality for you to opt into any “do not track” listings. If you wish to opt out of certain communications or information collection, please contact us at marketing@passagetech.com.  

Third Parties

Company  may post links to third party websites on our Services, which may include information that we have no control over. When accessing a third-party site through our Services, you acknowledge that you are aware that these third-party websites are not screened for privacy or security issues by us, and you release us from any liability for the conduct of these third-party websites.

Please be aware that this Privacy Policy, and any other policies in place, in addition to any amendments, does not create rights enforceable by third-parties. Company bears no responsibility for the information collected or used by any advertiser or third party website. You must review their Terms of Service and Privacy to understand how their information collection practices work.

Security Measures

We make reasonable attempts to protect your information by using physical and electronic safeguards. For these reasons Company employs SSL certificates. However, as our Services are hosted electronically we can make no guarantees as to the security or privacy of your information. For this reason, we recommend that you use anti-virus software, routine credit checks, firewalls, and other precautions to protect yourself from security and privacy threats.

Your California Privacy Rights

Company  permits residents of the State of California to use the Services, and complies with the California Business and Professions Code §§ 22575-22579.  If you are a California resident you may request certain information regarding our disclosure of personal information to any third parties for their direct marketing purposes. Various provisions throughout this Privacy Policy address requirements of the Californian privacy statutes. Although we do not disseminate your information to third parties without permission, you must presume that we collect electronic information from all visitors. California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Services that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. You may contact us at support@passagetech.com with any such requests or questions.

Age Compliance

We intend to fully comply with American and international laws respecting children’s privacy.  Therefore, we do not collect or process any information for any persons under the age of 18. If you are under 18 please do not access the Services. Our Services are not intended for children under 18 years of age. No one under age 18 may provide any personal information to or on the Services. We do not knowingly collect personal information from children under 18. If you are under 18, do not use or provide any information on or through the Services or on or through any of its, use any of the interactive or public comment features of the Services or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18 please contact us at llc-members@passagetech.com. California residents under 18 years of age may have additional rights regarding the collection and sale of their personal information. Please see the section entitled ‘Your California Privacy Rights’ for more information.

International Transfer

Your information may be transferred to - and maintained on - computers located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction.  We may transfer personal information to the US or elsewhere and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Merger and Acquisition

In the event that the Company  is involved in a bankruptcy, merger, acquisition, reorganization or sale of assets, your information may be sold or transferred as part of that transaction. Please be aware that once the information is transferred your privacy rights may change.

Amendments

Like our Master Subscription Agreement, we may amend this Privacy Policy from time to time.  When we amend this Privacy Policy, we will modify the date listed on this Agreement or we may contact you. You must agree to the amendments as a condition of your continued use of our Services. If you do not agree, you must immediately cease using our Services and notify us of your refusal to agree by e-mailing us at sales@passagetech.com.

Privacy Notice for European Citizens

Company respects the rights of citizens living within the European Economic Community (“EEC”) and the rights afforded to them under the General Data Protection Regulation (“GDPR”), the following sections are referred to as our Privacy Notice and address additional privileges that EEC users may have under our Privacy Policy. Company is the data controller responsible for your information when you use the Services. Company has its headquarters in the United States. Information we collect from you will be processed may be processed within the United States. In particular, the Company collects and transfers to the U.S. personal data only: with your consent; to perform a contract with you; or to fulfill a compelling legitimate interest of the Company in a manner that does not outweigh your rights and freedoms. We endeavor to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with us and the practices described in this Privacy Policy. We also enters into data processing agreements and model clauses with vendors whenever feasible and appropriate.

Under the GDPR, the data controller has additional obligations to any users who submit PII to us. The GDPR affords the following rights to EEC citizens and persons residing in EEC territories.

Legal Rights

Your Rights Under the GDPR

Right to be informed Company wishes to keep you informed as to what we do with your personal information. We strive to be transparent about how we use your data.
Right to access You have the right to access your information at any time. Please contact us at support@passagetech.com if you wish to access the personal information Company holds about you.
Right to rectification If the information Company holds about you is inaccurate or not complete, you have the right to ask us to rectify it. If that data has been passed to a third party with your consent or for legal reasons, then we must also ask them to rectify the data. Please contact us for more information: support@passagetech.com.
Right to erasure Sometimes called ‘the right to be forgotten’. You have the right to request that Company to erase all your personal data, if you wish to do so please our team: support@passagetech.com.
Right to restrict processing You have the right to ask Company to restrict how we process your data. This means we are permitted to store the data but not further process it. We will only keep enough data to ensure that we can accommodate any additional requests. Please contact our team at: support@passagetech.com.
Right to data portability Company must allow you to port and reuse your personal data for your own purposes across different platforms. Please contact our team if you wish to receive additional information on how to port your data elsewhere: support@passagetech.com. This right only applies to personal data that you have provided to us as a data controller.
Right to object You have the right to object to Company processing your data even if our processing is due to legitimate purposes as described in our Privacy Notice, if you have any objections please contact our team at: support@passagetech.com.
Right to withdraw consent If you have given us your consent to process your data but change your mind later, you have the right to withdraw your consent at any time, and Company must stop processing your data. If you want to withdraw your consent, please contact our team at: support@passagetech.com.

Under the GDPR, you may exercise these rights by contacting us. If we process your information based on our legitimate interests or those of a third-party, or in the public interest, you can object to this processing, and we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons. You can also object to our processing of your information by contacting us.  

Additional Personal Information Collected

Under the GDPR, personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed or otherwise anonymized. As such, for the purposes of this Privacy Policy, we may collect additional PII, including: your IP address, information about people you have referred to our Services, interactions with and usage of the Services, query information, location information, pricing data, research history, location and GPS information, combined anonymous data, referring URL, browser, application interaction, mobile provider information, operating system, data usage, data transferred, and Internet Service Provider.  

Legitimate Purposes for Collecting Your PII

The following are the specific legitimate purposes that we may use your PII for:

  • Contract Administration -  We may use your PII to (1) negotiate, execute, renew and/or manage a contract with you; (2) process billing information and payments related thereto; and/or (3) communicate with you in respect of the above (including sending (legal) notifications).
  • Access  and Communications to Our Services - We may use your PII to (1) set-up and manage the your account in connection with the Services; (2) interact with you through our Services (e.g. software updates, Service announcements, etc.): and/or (3) manage and respond to your questions (e.g. technical, commercial or administrative) or requests for maintenance and support.
  • The Use of the Services - We may use your PII to (1) enable you to enjoy the use of, and easily navigate the Services; and/or (2) better understand your needs and interests; and/or (3) to learn how to use your installed application or to inform you on what features are or are not available with your installed product
  • Sharing with Third-Parties - We may use your personal information to share with our partner companies or future affiliates for research, marketing, and other purposes. We may also share your information service providers with whom we contract with such as contractors, web hosts, data providers and others so that we may provide you any services and allow you to access the Services. Listed below are the third-parties we may collect and share information with in strict accordance with this Privacy Policy and the Cookie Policy:
    • Salesforce, Inc.
    • FreshBooks, Inc.
    • FormStack, LLC
    • Facebook, Inc.
    • Twitter, Inc.
    • LinkedIn
    • Google
    • Lanyon Solutions, Inc.
    • HubSpot, Inc.
    • Amazon
    • G2Crowd
    • Olark
    • SurePayroll
    • Microsoft
    • VistaPrint
    • Fifth-Third Bank
    • Reddit
  • Allowing Downloads from the Services - We may use your PII to allow you download data or content from the Services.
  • Training & Improvements - We may use your PII to (1) train our employees or contractors to allow for a better Services experience; and/or (2) improve the Services.
  • Direct Marketing - We may use your PII to contact you for additional products and services that you may be interested in.
  • Information Third-Parties Provide About You - We may receive information from other businesses or users about you. For example, when other users submit a company inquiry or create a company profile they may include your information in such an inquiry. We require each of these users and businesses to have lawful rights to collect, use, and share your information before providing any information to us. If you wish to find an updated list of third parties we collect and share information with, please contact us.
  • Legal Process - We may share your information: if we believe that disclosure is reasonably necessary to comply with a law, regulation, legal or governmental request; to respond to a subpoena, court order, warrant, or other legal process; to enforce applicable provisions of the Master Service Agreement or this Privacy Policy, including investigation of potential violations thereof; to protect the safety, rights, or property of the public, any person, or Company; to detect, prevent, or otherwise address, security, or technical issues or illegal or suspected illegal activities (including fraud); to transfer in event of sale or merger; or as evidence in litigation in which we are involved, as part of a judicial or regulatory proceeding.

Retention of PII

Company will only retain your PII for as long as required. We will keep your personal information:

  • For any legally required duration.
  • Until we no longer have a valid reason to keep or use your PII.
  • Upon your request to eliminate, delete, or modify any of you PII stored with us.

Where you have requested modification or deletion of your PII, we may keep just enough of your personal information to ensure that we comply with your requests not use your personal information or comply with your right to erasure. If you require additional details regarding the retention of your PII please contact us.

Transfer of PII Outside of the EEC

Where your PII is transferred outside of the EEC to areas such as the United States, Company shall ensure that your PII shall have an adequate level of protection as required under the GDPR, including but not limited to executing Data Protection Agreements with our processors that process your information. These data transfers are necessary to provide the Services  to you. We utilize standard contract clauses approved by the European Commission and/or the EU/US Privacy Shield to ensure that your PII is properly protected and in conformance with GDPR requirements.

Legal Basis for Processing Information

We collect, use, and share the information we have as described above:

  • as necessary to fulfill our Master Subscription Agreement;
  • consistent with your consent, which you can revoke at any time;
  • as necessary to comply with our legal obligations;
  • occasionally to protect your vital interests, or those of others;
  • as necessary in the public interest; and
  • as necessary for our (or others') legitimate interests, including our interests in providing an safe and profitable services to our users and partners, except where such interests would be overruled by your compelling interests to your data privacy.

Sharing of Data with Third Parties

If you are covered under this Privacy Notice and have any additional questions, please contact us at: llc-members@passagetech.com or at:

Passage Technology, LLC

100 S Saunders Rd #150

Lake Forest, IL 60045


Passage Technology, LLC Data Protection Officer: Beatriz Johnson at dpo@passagetech.com.