Effective May 25, 2021

Introduction

Ezassi, Inc., including its affiliates (collectively, “Ezassi”), is strongly committed to the protection of the personal information that we collect and/or maintain in the course of our business activities (“Personal Data”). As part of this commitment, we have set out this Privacy Policy to describe the manner in which we treat our customers’ and prospective customers’ Personal Data when hosted on our cloud-based innovation and collaboration software applications (collectively, “Innovation Software”), as well as Personal Data we collect via other means, such as through our website, www.ezassi.com, and its subdomains and related domains (collectively, “Site”), and from third parties. Please read this document carefully, as it describes how Ezassi collects, uses, shares and secures the personal information you provide. It also describes your choices regarding use, access and correction of your personal information.

Personal Data We Collect

1. Innovation Data

Ezassi’s Innovation Software is a powerful, customizable open innovation management software system which helps our customers cultivate and implement innovation faster and more effectively. Ezassi’s Innovation Software allows our customers to upload, evaluate and visualize ideas and information related to the innovation process (“Innovation Data”). Our customers choose the types of Innovation Data they upload into the Innovation Software. Ezassi does not collect or use the Innovation Data for any purpose other than as described in this Privacy Policy, to provide the innovation management services our customers request or as otherwise described in the agreement between us and our customer.

2. Web Site and Other
   We may collect and use the following information via the Site or other activities:
   1. If you express an interest in obtaining additional information about our services, request customer support, use our “Contact Us” or similar features, register to use our Site, sign up for an event or webinar, or download certain content, we generally require you to provide us with your contact information, such as your name, job title, company name, address, phone number, email address, or username and password in order to fulfill your request;
   2. If you register for an event, we may also require you to provide us with financial and billing information, such as billing name and address and credit card number so that we may process your payment;
   3. If you register for an online community that we host, we may ask you to provide a username, email address, photo and/or biographical information such as your occupation, social media profiles, company name, and areas of expertise to improve the quality of our Site;
   4. If you use and interact with our Site, we automatically collect log files and other information about your device and your usage of our Site through cookies, web beacons or similar technologies, such as pages visited, IP addresses, browser type and operating system, Internet service provider or mobile carrier, location data, and other identifiers, so that we may analyze trends, monitor and administer the Site, enforce our security policies and terms of use, provide a more tailored and personalized experience for our users, and gather demographic information about our user base as a whole;
   5. If you receive email from us, we may place web beacons in marketing emails that notify us when you click on a link in the email so that we may better understand your interests and needs;
   6. If you visit our offices, you may be required to register as a visitor and to provide a copy of your government issued identification and the date and time of arrival for security purposes.

Our Site contains links to other websites, applications and services maintained by third parties (“Third Party Sites”). Our Site also includes social media features, such as the Facebook “like” button, the “Tweet” button and other social media widgets (“Social Media Widgets”). The privacy practices of Third Party Sites and Social Media Widgets are governed by the respective third-party’s privacy policy, which we encourage you to review to better understand their privacy practices. If you are logged into your social media account, it is possible that the respective social media network can link your visit of our Site with your social media profile.

3. We may also collect information about you from other sources, including third parties from whom we have purchased Personal Data, and combine this information with Personal Data provided by you. This helps us to update, expand and analyze our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you. In particular, we may collect: business contact information, including mailing address, job title, email address, phone number, web use behavior data, IP addresses, social handles, LinkedIn URL and third-party data providers for the purposes of targeted advertising, delivering relevant email content, event promotion and profiling

Data Retention

Ezassi retains Innovation Data according to the terms of the Subscription Agreement and as long as necessary to satisfy our legal obligations. Other Personal Data may be retained for a period of time consistent with the original purpose of the collection. After expiry of the retention periods, your Personal Data will be deleted and/or properly anonymized.

Personal Data We Share

As a matter of practice, Ezassi does not disclose, trade, rent, sell or otherwise transfer personal information provided to us, except as set out in this Privacy Policy.

1. We may disclose or transfer personal information to our contracted partners, consultants and suppliers who provide services on our behalf (collectively, “Service Providers”). Our service providers are given only the information they need to perform their designated functions, and we do not authorize them to use or disclose personal information for their own purposes. These services may include:
   1. providing, managing, and securing our cloud computing infrastructure, including data backup and resiliency;
   2. event registration and management for events and webinars;
   3. marketing assistance and customer service;
   4. audit, analysis or other business functions.

2. We and our Service Providers may provide personal information in response to a search warrant or other legally valid inquiry or order, or to an investigative body in the case of a breach of an agreement or contravention of law, or as otherwise required or permitted by applicable law. We may also disclose personal information where necessary for the establishment, exercise or defense of legal claims and to investigate or prevent actual or suspect loss or harm to persons, data or property.
3. Personal Data collected from the Site may be shared with our affiliated companies in order to deliver the products and services we offer or in order to undertake analysis of our database such as aggregate profiling of our Registered Users.

4. In the event that we are, or substantially all of our assets are, acquired (whether by merger, consolidation, or purchase), Personal Data and Innovation Data will be transferred. In addition, if we become the subject of a bankruptcy proceeding (whether voluntary or involuntary), we or our trustee in bankruptcy may sell, license, or otherwise dispose of such information in a transaction approved by the bankruptcy court. In such circumstances, Registered Users will be notified via e‑mail or through a prominent notice posted on the Site.

Security Measures

We maintain appropriate technical, physical and organizational measures to protect Personal Data and Innovation Data, including assuring that third-party service providers who access or handle personal information on our behalf and affiliates maintain such safeguards. However, no method of Internet transmission or electronic storage is 100% secure or error-free, so it is not possible to guarantee absolute security.

You must protect against unauthorized access to your password and to your computer, and be sure to sign off when finished using a shared computer. If we have given you or you have chosen a password which enables you to access certain portions of our Site, you are responsible for keeping this password confidential. You should not share your password with anyone. If you have reason to believe that your interaction with us is no longer secure (e.g., if you feel that the security of any account you might have with us has been compromised), please notify us immediately (see “Contact Us” below).

Opt Out

You may be able to opt-out of certain processing. For example, if you would like to discontinue receiving our newsletter, you may update your email preferences by using the “Unsubscribe” link found in the emails we send. You may also configure your browser to reject cookies, web beacons, and other statistical analysis tools, though doing so may affect the performance or functionality of the Site. For additional help, please contact us in accordance with the “Contact Us” section below.

Children

Our Site is not directed at children. We do not knowingly collect Personal Data from children under the age of 16. If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us as described in the “Contact Us” section below and we will take steps to delete such Personal Data from our systems.

EU General Data Protection Regulation

The European Union has taken a monumental step in protecting the fundamental right to privacy for every EU resident with the General Data Protection Regulation (GDPR) which is effective from May 25, 2018. This regulation enhances the data privacy protections for EU citizens and is a mandatory requirement for any company with access to personal data of EU citizens. As a data processor serving many multi-national companies with employees in the EU, Ezassi is committed to full compliance with GDPR regulations and the protection of our customers’ Personal Data and Innovation Data.

1. Legal Basis for Innovation Data

In the context of GDPR and with respect to Innovation Data, Ezassi is a data processor acting on behalf of and under the direction of our customers, who are the data controllers. Ezassi has worked extensively to ensure that our subscription and related agreements (“Subscription Agreements”) contain appropriate provisions for Personal Data we store, and balance the risks and responsibilities between us, our customers, and those individuals which our customers have authorized to use the Innovation Software (“Registered Users”). Ezassi’s legal basis for data processing of Innovation Data is based on the contractual obligations in the Subscription Agreements and in the employment contract or other such contracts as may exist between our customers and their Registered Users.

2. Legal Basis for Other Personal Data

With respect to other Personal Data that Ezassi collects, Ezassi is the data controller. The legal basis for data processing in this case is consent and, accordingly, you have certain rights subject to local data protection laws:

1. to access your Personal Data held by us;
2. to rectify inaccurate Personal Data and ensure it is complete;
3. to erase your Personal Data to the extent permitted by other legal obligations;
4. to restrict our processing of your Personal Data;
5. to transfer your Personal Data to another controller, subject to certain limitations;
6. to object to any processing of your Personal Data carried out on the basis of your consent;
7. not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects;
8. to the extent we base the collection, processing and sharing of your Personal Data on your consent, to withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal.

3. Limited Use of Data

When Ezassi processes Innovation Data received from a customer or Registered User, Ezassi does so pursuant only to the Subscription Agreement and the customer’s instructions and prior authorization. Ezassi processes other Personal Data only to the extent that the data subjects have given consent to such processing, or, in the case of anonymized, statistical data, according Ezassi’s legitimate interests.

4. How to Exercise Your Rights

To exercise your rights, please contact us in accordance with the “Contact Us” section below. We try to respond to all legitimate requests within one month and will contact you if we need additional information from you in order to honor your request. Occasionally it may take us longer than a month, taking into account the complexity and number of requests we receive.

Regarding Innovation Data, Ezassi processes only the data which our customers and their Registered Users have chosen to share. Ezassi’s right to access, process, modify or delete such data is governed by the Subscription Agreement and Ezassi has only limited means of directly satisfying requests to erase, rectify or port Innovation Data. To ensure that EU citizens are able to exercise those rights, Ezassi’s data protection officer coordinates heavily with our customers’ data protection officers and, where appropriate, their EU member representatives. EU citizens with privacy concerns about Innovation Data may contact our data protection officer in accordance with the “Contact Us” section below. Please provide the name of the Ezassi customer who submitted your data when you contact us. We will refer your request to that customer, and will support them as needed in responding to your request within a reasonable timeframe.

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here:  //ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.  If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

Your Personal Data may be collected, transferred to and stored by us in the United States.

For EU and Swiss Individuals: Privacy Shield Notice for Personal Data Transfers to the United States

Ezassi complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland transferred to the United States pursuant to Privacy Shield.  Ezassi has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit //www.privacyshield.gov/

Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States.  Upon request, we will provide you with access to the personal information that we hold about you.  You may also may correct, amend, or delete the personal information we hold about you.  An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to privacy@ezassi.com.  If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out or opt-in choice before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized.  To request to limit the use and disclosure of your personal information, please submit a written request to privacy@ezassi.com.

Ezassi is responsible for the processing of personal data it receives under the Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. Ezassi complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Ezassi is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Ezassi may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the Privacy Shield Principles, Ezassi commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Ezassi at: privacy@ezassi.com. Written inquiries may be addressed to:

Ezassi, Inc.

Attn: Privacy Officer

822 A1A North, Suite 104

Ponte Vedra Beach, FL 32082 USA

Ezassi has further committed to refer unresolved Privacy Shield complaints to BBB EU PRIVACY SHIELD, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit //bbbprograms.org/privacy-shield-complaints for more information or to file a complaint.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See Privacy Shield Annex 1 at //www.privacyshield.gov/article?id=ANNEX-I-introduction

Contact Us

The Data Protection Officer for Ezassi may be reached by email at privacy@ezassi.com. You may also send correspondence to:

Data Protection Officer
822 A1A North
Suite 104
Ponte Vedra Beach, FL 32082 USA

Please be sure to include in your request:

First and last name

Email address

Country

The name of the related Ezassi client

Details of your question, comment or request