Effective Date: 10/20/2020
As a supplement to Ease’s obligations under GDPR, Ease additionally participates in the Privacy Shield framework as designed by the U.S. Department of Commerce, the European Commission and Swiss Administration. Ease is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). In compliance with the Privacy Shield Principles, Ease commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Ease at:
E-mail: [email protected]; or
ATTN: Privacy and Data Protection
27271 Las Ramblas Suite 250
Mission Viejo, CA 92691 US
Ease has further committed to refer unresolved Privacy Shield complaints to JAMS Privacy Shield Program, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS Privacy Shield Program are provided at no cost to you. Under certain circumstances, Customers and Users may be able to invoke binding arbitration to address complaints about Ease’s compliance with the Principles.
For additional details please refer to the Ease Privacy Shield Policy located here: ease.io/legal/privacy-shield-policy.
Personal Information that Customers Upload Into Ease’s SaaS Offerings
Ease (‘the company’) is a service provider to businesses; the company provides Software-as-a-Service cloud applications and services platforms (“SaaS Offerings”), such as EASE Audits. Under applicable data protection laws, Ease’s customers are the controllers/database owners/responsible parties with respect to the personal data uploaded into the SaaS Offerings, and Ease is a processor/operator for its customers.
Ease processes the personal information that customers may upload into the Cloud Services only at the direction of the customer – to provide the Cloud Services to its customer, and to comply with applicable legal requirements. Ease does not have a direct relationship with the individuals whose personal information customers upload into the Cloud Services. Accordingly, we require our business customers, by contract, to comply with applicable data protection requirements, including to provide notice regarding customers’ data processing activities.
Personal Data We Collect in Connection with Ease’s Websites and Mobile Applications
In addition to the personal data that our customers upload into the SaaS Offerings, we collect personal data in connection with the use of our websites and mobile applications. The types of personal data that we may collect in connection with your use of our websites and mobile applications may include:
- Business contact information, such as your name, job title and employer name, email address, mailing address, and phone number, including administrative employee contact information provided by our Cloud Services customers
- The username that you may create for an account you establish on our websites or mobile applications
- Your comments and testimonials
The information that may be collected by automated means includes:
- Precise location information of users of our mobile applications
- Details about the devices that are used to access our websites or mobile applications (such as the IP address, unique device identifier, and type of operating system and web browser)
- Dates and times of visits to, and use of, our websites and mobile applications
- Information about how our websites and mobile applications are used (such as the content that is viewed on our websites and how users navigate between our webpages, or the features of our mobile applications that are used and how users navigate between screens on our mobile applications)
- URLs that refer visitors to our websites
- Search terms used to reach our websites or locate our mobile applications
Choosing Not to Share Your Personal Data
Where we are required by law to collect your personal data, or where we need your personal data in order to provide you with information or process your registration on our websites and mobile applications or requests, we may not be able to provide you with such services if you do not provide this data when requested (or later ask to delete it).
Cookies and Similar Technologies
|Type of cookie||Purpose|
|Essential Cookies||These cookies are essential to provide you with services available through our Sites and to enable you to use some of their features. Without these cookies, the services that you request may not be possible to provide. We only use these cookies to provide you with those services.|
|Functionality Cookies||These cookies allow our Sites to remember choices you make when you use our Sites. The purpose of these cookies is to provide you with a more personal experience and to avoid you from having to re-select your preferences every time you visit our Sites.|
|Analytics and Performance Cookies||These cookies are used to collect information about traffic to our Sites and how users use our Sites. The information gathered may include the number of visitors to our Sites, the websites that referred them to our Sites, the pages they visited on our Sites, what time of day they visited our Sites, whether they have visited our Sites before, and other similar information. We use this information to help operate our Sites more efficiently, to gather demographic information and to monitor the level of activity on our Sites.
We use Google Analytics and Heap Analytics for this purpose. Google Analytics and Heap Analytics use their own cookies and is only used to improve how our Sites work. You can find out more information about Google Analytics and Heap Analytics, cookies, and about how Google protects your data on the Google and Heap Analytics website. You can prevent the use of Google Analytics or Heap Analytics relating to your use of our Sites by downloading and installing a browser plugin.
What are cookies?
We may collect information using “cookies.” Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on our Sites.
Cookies We Use
Our Sites use the following types of cookies for the purposes set out below:
You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided in your browser (usually located within the “settings,” “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.
If you do not accept our cookies, you may experience issues in your use of our Sites and Services. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our Sites.
We may also use pixel tags (which are also known as web beacons and clear GIFs) on our Sites to track the actions of users on our Sites. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages. Pixel tags measure the success of our marketing campaigns and compile statistics about usage of the Sites, so that we can manage our content more effectively. The information we collect using pixel tags is not linked to our users’ personal data.
Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, we do not respond to web browser-based DNT signals at this time. Please see the “Your Rights and Choices” section below for information about how you may opt out of, or limit the use of, your browsing behavior for online behavioral advertising purposes.
Information From Social Networking Sites
How We Use The Personal Data We Collect
We use the personal data that customers upload into the Cloud Services only as directed by the customers and to comply with applicable legal requirements.
In addition, we may use other personal data we collect to:
- Facilitate of the provision of the SaaS Offerings and related purposes, including security and audits
- Establish and maintain user accounts on our websites or mobile applications
- Communicate with you about the products and services, and respond to your requests, inquiries, comments, and suggestions
- Operate, evaluate and improve our business, our websites and mobile applications, or communications strategies, and the products and services we offer (including to develop new products and services)
- Enable you to share information via your social network accounts
- Comply with legal requirements, judicial process, and our company policies (including to verify users’ identity in connection with access or correction requests)
- Protect against and prevent fraud, illegal activity (such as identifying and responding to incidents of hacking or misuse of our websites, mobile applications, and the Cloud Services), and claims and other liabilities, including by enforcing the terms and conditions that may apply to your use of our websites, mobile applications, or Cloud Services
Legal Bases for Processing
If you reside in the European Union (“EU”), we are required to inform you of the legal bases of our processing of your personal data on our Sites, which are described in the table below.
|Processing purpose||Legal basis|
|To provide services||Processing is necessary to provide services to you or to take steps that you request prior to providing those services|
|To communicate with you
For compliance, fraud prevention and safety purposes
To create anonymous data for analytics
|These processing activities are based on our legitimate interests. We consider and balance potential impact on your rights and do not process your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).|
|To comply with law||Processing is necessary to comply with our legal obligations|
|With your consent||Processing is based on your consent. Where we rely on consent, you have the right to withdraw it at any time.|
Personal Data We Share
We share the personal data that customers upload into the Cloud Services only as directed by the customers and to comply with applicable legal requirements.
We may share data regarding business customers’ personnel’s use of the Cloud Services, our websites and mobile applications with the relevant customers.
We may share the data we collect with our service providers that perform services on our behalf for the purposes described in this Privacy Notice. We contractually require these service providers to use or disclose the personal data only as necessary to perform services on our behalf or comply with legal requirements.
If you choose to comment on an article via our blog, we may display your name publicly along with your comment. Any personal data you provide or post in connection with our blog will not be regarded as confidential and may be made publicly available on the Internet and indexed by search engines.
We may post a customer testimonial on our website, with the customer’s prior consent.
Unless prohibited by applicable law, we reserve the right to transfer the data we maintain in the event we sell or transfer all or a portion of our business or assets. If we engage in such a sale or transfer, we will make reasonable efforts to direct the recipient to use your personal data in a manner that is consistent with this Privacy Notice. After such a sale or transfer, you may contact the recipient with any inquiries concerning the processing of your personal data.
We may share personal data to comply with legal requirements (e.g., to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements). We may also share your personal data to protect against and prevent fraud, illegal activity (such as identifying and responding to incidents of hacking or misuse of our websites and mobile applications) and claims and other liabilities.
We do not retain personal data for longer than necessary for the purposes for which the data was obtained or to comply with legal requirements. We retain personal data that we possess in connection with the SaaS Offerings as directed by the relevant customer and as required by law.
Your Rights and Choices
Regardless of where you reside, you can submit privacy inquiries and requests by email to [email protected] or to our postal address provided below regarding personal data other than which our customers uploads into the Cloud Services. If you reside in the EU, you may request that we take the following actions in relation to your personal data:
- Access. Provide you with information about our processing of your personal data and give you access to your personal data. We will provide you with a copy of the personal data we maintain about you in the ordinary course of business, to the extent the personal data is not available via our websites or mobile applications.
- Correct. Update or correct inaccuracies in your personal data. You may request to correct any errors in your personal data as further explained in the “how to Contact Us” section of this Privacy Notice.
- Delete. Delete your personal data.
- Transfer. Transfer a machine-readable copy of your personal data to you or a third party of your choice.
- Restrict. Restrict the processing of your personal data.
- Object. Object to our legitimate interests as the basis of our processing of your personal data.
We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you reside in the EU and would like to submit a complaint about our use of your personal data or response to your requests regarding your personal data, you may contact us or submit a complaint to the data protection regulatory authority in your country.
You may unsubscribe from receiving marketing emails from Ease by clicking the “unsubscribe” link in the footer of the message. Even if you unsubscribe, we may still send information such as administrative emails which pertain to the websites, mobile applications, or Cloud Services.
You may request removal of your personal information from our blog, customer testimonials, or other public portions of our websites, by contacting us at [email protected]. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
You may prevent us from automatically collecting your location information by disabling location services on your mobile device; or, if the option is available on your mobile device, by configuring your mobile device not to allow your mobile application to collect location information.
The business partners that collect information about your activities on our websites and in our mobile applications may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior for purposes of targeted advertising. European users may opt out of receiving targeted advertising through members of the European Interactive Digital Advertising Alliance by clicking here, selecting your country, and then clicking “Choices” (or similarly-titled link). Accordingly, you may manage Flash cookies here.
If your employer is a customer of the EASE Audits (SaaS) Cloud Services and provides your personal information to Ease to authorize you to use the Cloud Services, please contact your employer to exercise any legal rights that may apply. If you exercise applicable legal rights through your employer, we will work with your employer to respond to your request.
Liability for Onward Transfers
Ease complies with GDPR in addition to Privacy Shield’s Principles regarding accountability for onward transfers. Ease remains liable under GDPR if its onward transfer recipients process Personal Data in a manner inconsistent with GDPR, unless Ease proves that it was not responsible for the event giving rise to the damage.
International Data Transfers
The Ease SaaS Offerings are hosted in the United States, and we provide the Ease SaaS Offerings from the United States. If you use the Ease SaaS Offerings from the European Economic Area (“EEA”) or other regions with laws governing data collection and use that may differ from U.S. law, please note that we may transfer your Personal Information to countries other than the country where you are located, including to the United States.
How We Protect Personal Information
Ease implements reasonable physical, administrative and technical safeguards to help us protect your personal information from unauthorized access, use and disclosure. For example, we utilize encrypted connectivity for transfer of sensitive personal information over the Internet. We also require that our suppliers protect such information from unauthorized access, use and disclosure. However, no system or transmission of data over the Internet, or any storage of data, can be guaranteed to be 100% secure.
Links To Websites And Third-Party Content
For your convenience and information, we may provide links to websites and other third-party content that is not owned or operated by Ease. The websites and third-party content to which we link may have separate privacy notices or policies. Ease is not responsible for the privacy practices of any entity that it does not own or control.
Updates To Our Privacy Notice
When we update this Privacy Notice, we will notify you of changes that are deemed material under applicable legal requirements by posting a notice and the new Privacy Notice on or within our website or mobile applications or provide other notification as required by applicable law. We may also notify you of changes to the Privacy Notice in other ways, such as via email or other contact information you have provided.
How To Contact Us
You may contact us with questions, comments, or complaints about this Privacy Notice or our privacy practices, or to request access to or correction of your information. Our contact information is as follows:
E-mail: [email protected]; or
ATTN: Privacy and Data Protection
27271 Las Ramblas Suite 250
Mission Viejo, CA 92691 US
Additional Disclosures for California Residents
These additional disclosures apply only to California residents. The California Consumer Privacy Act of 2018 (“CCPA”) provides additional rights to know, delete and opt out, and requires businesses collecting or disclosing personal information to provide notices and means to exercise rights.
Notice of Collection
In the past 12 months, we have collected the following categories of personal information enumerated in the CCPA: Identifiers, including name, alias, postal address, email address, phone number, account name, IP address, and other similar identifiers. Demographic information, including your age and gender. Commercial information, including purchases and engagement with Ease.
Right to Know and Delete
If you are a California resident, you have the rights to delete the personal information we have collected from you and know certain information about our data practices in the preceding 12 months. In particular, you have the right to request the following from us:
- The categories of personal information we have collected about you;
- The categories of sources from which the personal information was collected;
- The categories of personal information about you we disclosed for a business purpose or sold;
- The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
- The business or commercial purpose for collecting or selling the personal information; and
- The specific pieces of personal information we have collected about you.
To exercise any of these rights, call our toll-free number at +1 (855) 880-8327 and select Option 2 to leave us a message. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.
Right to Opt-Out
To the extent Ease sells your personal information as the term “sell” is defined under the CCPA, you have the right to opt-out of the sale of your personal information by us to third parties at any time. You may submit a request to opt-out through our toll-free number at +1 (855) 880-8327 and select Option 2 to leave us a message.
You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.
Right to Non-Discrimination
You have the right not to receive discriminatory treatment by us for the exercise of any your rights.
We do not knowingly “sell” the personal information of minors under 16 years old who are California residents without their affirmative authorization.
Shine the Light
Customers who are residents of California have the right to request a disclosure describing the categories of personal information we have shared with third parties for their direct marketing purposes, and with whom we have shared it, during the preceding calendar year. You may request a copy of that disclosure by contacting us as set out in the “Contact Us” section above and specifying that you are making a “California Shine the Light Request.” We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.
Additional Disclosures for Nevada Residents
Nevada law (NRS 603A.340) requires each business to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact us as at [email protected].