This Privacy Policy (the "Privacy Policy") explains what type of personal data our company, Prelude Research, Inc. (the “Company” or “us”), collects and processes and the measures we apply to protect such personal data with respect to which we act as a “data controller” under the General Data Protection Regulation (the “GDPR”), as a “business” under the California Consumer Privacy Act (the “CCPA”) or equivalent denominations under relevant U.S. state privacy laws such as, without limitation, Colorado Privacy Act, Connecticut Personal Data Privacy and Online Monitoring Act, Utah Consumer Privacy Act pr Virginia Consumer Data Protection Act (the CCPA and other relevant U.S. state privacy laws hereinafter also “U.S. State Privacy Laws”).
In this Privacy Policy, the “Company” or “us” means both the data controller under the GDPR and the business under the CCPA and the term “personal data” includes both personal data under the GDPR and personal information under the CCPA.
Below you may find the types of personal data that we may collect and process. To fulfil the requirements of CCPA, please note that the below list includes also a list of personal data that we may have collected about you in the preceding 12 months and the reference to corresponding categories of personal data as defined under CCPA that most closely describe the personal data collected:
Corresponding categories under CCPA:
The exact scope of personal data collected will depend on the specific features then available and used by you and the functionality of the Demo Versions that you decide to implement and deploy.
Corresponding categories under CCPA:
Information about the personal data we collect within Cookies and from Job Candidates is described separately in clauses 3 and 4 of this Privacy Policy.
We may use your personal data that we collect for the following purposes (or business purposes and commercial purposes as defined under CCPA) and on the legal bases listed below:
On this legal basis, we use the information about you to comply with legal requirements.
On this legal basis, we use the information about you to detect, prevent and address fraud and other illegal activity. We may also use the personal data about you to enhance, optimize, secure, update, market, and analyse our services or develop new services. Lastly, we may also contact you about our products and services where permissible under applicable law without your express consent.
On this legal basis, we may use the information about you for the purposes to which you have granted your consent or share your personal data with our business partners, provided you have given us your consent for such data sharing.
We do not knowingly collect or process any personal data that may be classified as special categories of personal data under the GDPR or sensitive personal information or data under U.S. State Privacy Laws or biometric data under the Illinois Biometric Information Privacy Act (740 ILCS 14), the Texas Capture or Use of Biometric Identifier law (Texas Business and Commercial Code Chapter 503), and the Washington Biometrics Identifiers Statute (RCW 19.375).
We may use cookies and other tracking technologies on our website to collect information about your browsing activities and preferences. You can manage your cookie preferences through your browser settings or through the settings accessible by clicking on a button “Cookies” at the bottom of our website.
If you apply for a job in our Company, we may collect your personal data contained in your CV or other data that you provide to us.
We will use your personal data to communicate with you and to assess your job application. Where permitted, we may use your personal data also to contact you with job opportunities similar to the one to which you originally applied.
Your personal data will be stored in accordance with applicable laws and kept as long as needed to complete the recruitment process and for a reasonable period thereafter to allow us to record the reasons for our decision in relation to your application (including to exercise, establish, or defend any legal claims). Based on your consent we may process your data for a reasonable period to consider you for and inform you of other suitable job offers. If your job application is successful, your personal data will be kept as employee personal data.
We may disclose personal data to third parties in the following circumstances:
We may disclose your personal data to our service providers to monitor and analyse the use of our services or to contact you.
We may disclose or transfer your personal data in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of our business to another company.
We may disclose your personal data to our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates may include subsidiaries, joint venture partners or other companies that we control or that are under common control with us.
We may disclose your personal data to our business partners to offer you certain products, services or promotions.
We may also share your information with our legal, financial, insurance and other advisors.
We may disclose personal data to comply with applicable laws, regulations, legal processes, or governmental requests.
As required under CCPA, below you may find the reference to categories of personal data as defined under CCPA that most closely describe the personal data disclosed to the above-mentioned third parties:
Your personal data is processed at our operating offices and in any other places where the parties involved in the processing are located. It means that your personal data may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction.
We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Policy and no transfer of your personal data will take place to an organization or a country unless there are adequate controls in place ensuring the security of your personal data.
We implemented appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, or destruction. We use encryption, firewalls, access controls (multi-factor/two-factor authentication), and other industry-standard security measures to safeguard personal data.
Database volumes are encrypted when stored at rest and in transit.
We apply standard IAM (access controls) that enforces the Least Privilege Principle. Only employees who have a job function requiring access to a particular system are granted it, and only for the duration it is required.
We retain personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by law. We will delete personal data when it is no longer needed or when you request your data to be deleted, subject to certain exceptions provided by the relevant data protection laws.
We may contact you about our products and services that may be of interest to you based on our previous business interactions. If you grant us your consent, you may also subscribe to such communication on our website or on other platforms and communication channels.
You may unsubscribe from these communications at any time by following the unsubscribe link or instructions provided in any email we send to you or by contacting us using the contact information provided in this Privacy Policy.
According to GDPR, you also have a right to submit objections to direct marketing. If you no longer wish to receive marketing communication from us or you do not wish that your personal data is used for processing related to such marketing or promotional activities, you can request that we cease to use your personal data for these purposes. You can exercise this right by contacting us using the contact information provided in this Privacy Policy.
If you are located in the European Union, you have the following rights in relation to your personal data:
You have the right to obtain from us the confirmation as to whether personal data concerning you are being processed, and, where that is the case, access to the personal data and other information.
You have the right to request the correction or update of inaccurate or incomplete personal data held by us.
You have the right to request the deletion of your personal data, subject to certain exceptions under GDPR.
You have the right to request the restriction of processing of your personal data in certain circumstances, such as when the accuracy of the data is contested, or the processing is unlawful.
You have the right to receive your personal data in a structured, commonly used and machine-readable format and request the transfer of such personal data to another controller.
You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
Please note that we do not make any decisions based solely on automated processing, including profiling, which would produce legal effects concerning you or which would similarly significantly affect you.
You have the right to withdraw your consent for processing of personal data for which you gave us your consent.
You can exercise your rights by contacting us using the contact information provided in this Privacy Policy. Additionally, you have the right to lodge a complaint with the competent Data Protection Authority if you believe your rights regarding our use of your personal data have been violated.
If you are a resident of California or another U.S: state with relevant rights under the U.S. State Privacy Laws, you have the following rights in relation to your personal data:
You have the right to request that we send you the categories and the specific pieces of your personal data we have collected in the 12 months preceding your request.
You have the right to request that we delete any of your personal data collected from you, subject to certain exceptions set out in the U.S. State Privacy Laws.
You have the right to correct the inaccurate personal data that we collect about you, considering the nature of the personal data and the purposes of the processing of the personal data.
You have the right to request that we disclose to you the specific information related to your personal data as defined under U.S. State Privacy Laws.
Please note that we do not “sell” or “share” any personal data within the meaning of CCPA (or equivalent under other relevant U.S. State Privacy Laws) to any third party. We do however disclose personal data to third parties as described in Clause 6 of this Privacy Policy.
We will not discriminate against you in any way for exercising any of your rights related to the collection of your personal data.
You can exercise your rights by contacting us using the contact information provided in this Privacy Policy.
If you are a resident of California, under Section 1798.83 of California Civil Code (California “Shine the Light” law) you also have the right to ask us one time per year for information about our disclosure, if any, of personal data to third parties for their direct marketing purposes in the preceding calendar year.
You can exercise this right by contacting us using the contact information provided in this Privacy Policy.
If you are under the age of 18 and a registered user of online site, service or application, you have the right to request and obtain removal of content or information you have publicly posted.
To request removal of such data, you can contact us using the contact information provided below.
Be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.
We do not knowingly collect personal data from children under the age of 13 (or under the age of 16 in certain jurisdictions, such as EU member countries). If we become aware that personal data of a child under 13 (or under the age of 16 in certain jurisdictions, such as EU member countries) has been collected, we will take appropriate steps to delete such data.
We may update this Privacy Policy from time to time to reflect changes in our data processing practices or legal requirements. We will notify you of any material changes to this Privacy Policy on this website or by other means. You are encouraged to review this Privacy Policy for the latest information.
If you have any questions about our Privacy Policy, you can contact us by email at support@preludesecurity.com.
Issued on 1 May 2023
