Effective Date: October 11th, 2023
INFORMATION COLLECTION, USAGE, AND SHARING
Passively Collected Information. When you visit our website, Contract Logix collects non-personal information that your web browser automatically sends whenever you visit a website on the Internet. Our servers automatically record technical information, which may include your Internet Protocol (IP) address, browser type, which webpages you’ve visited, how long you have spent on a webpage, and the date/time of the webpage visit, among other things. This technical information is not used to link to any specific individual and is stored and maintained as aggregate data. This aggregate data is used to improve services provide to Contract Logix customers and potential customers.
Tracking Technologies. We may use a variety of tracking technologies to automatically collect this non-personal information, such as cookies, web beacons, embedded scripts, browser fingerprinting, GPS, iBeacons, and ETags (or “entity tags”). A cookie (or “locally shared object”) is a data file placed on your device when you visit our websites. Your browser, or other software (including Adobe Flash), may allow you to reject or remove cookies, but if you do so, some features of our websites may not work properly, and we may not be able to remember your preferences the next time that you visit. We also may use web server logs to collect and store information about site usage. When you use a mobile application or visit our sites from a mobile device, like a smartphone, we may also collect additional information from your device, including your location, device identifier, and information about your mobile network.
Analytics Services. In addition to tracking technologies, we may use third-party analytics services to gather information about our website visitors. These services may track details about your online activities over time and across different sites. These services help us to improve our websites. These services may also allow us and others to provide you with targeted advertisements or other content that you may be interested in based on your online activities. If you would like to learn more about targeted ads that may be based on your online activities, and the choices that you may exercise for certain sites and advertisers, you may wish to visit the Network Advertising Initiative or the Digital Advertising Alliance.
MANAGEMENT AND REMOVAL OF DATA
At any point you may send an email to firstname.lastname@example.org, or call Contract Logix at 1-866-371-4445 in the event that you: 1) want to see if we have any data about you, 2) want to change/correct any data we have about you, 3) want us to delete any data we have about you, or 4) wish to express concern over any data we have about you. Should you choose to not to be part of any Contract Logix mailing list, you may remove yourself by clicking the unsubscribe link at the bottom of any related email.
To prevent unauthorized access, Contract Logix follows generally accepted industry standards to protect any data that is submitted to us, both during transmission and while stored. Certain technical and organizational processes and measures have been designed to secure your data to prevent accidental loss and unauthorized access, use, modification, or disclosure. No method of electronic data submission, however, is 100% secure and Contract Logix cannot guarantee 100% security. You acknowledge that you provide your information at your own risk.
Contract Logix takes children’s privacy seriously. Our services and products are not designed, intended, or marketed to children under the age of 18. We do not knowingly collect, use, or disclose the PII of anyone under the age of 18. If you are under 18 years of age, please do not attempt to utilize the services provide by Contract Logix. If you believe we may have any PII from or about a child under the age of 13, please email email@example.com or contact us using the contact information below. Any PII collected from an individual under the age of 13 will be deleted as quickly as possible.
Contract Logix, LLC
Attn: Privacy Officer
55 Technology Drive
Lowell, MA 01851
EU-U.S. DATA PRIVACY FRAMEWORK (EU-U.S. DPF), THE UK EXTENSION TO THE EU-U.S. DPF, AND THE SWISS-U.S. DATA PRIVACY FRAMEWORK (SWISS-U.S. DPF)
Contract Logix ensures the lawful transfer of personal data from the EEA, UK and Switzerland to the US through its certification to the Data Privacy Framework Program and alternative mechanisms such as the Standard Contractual Clauses (the “SCCs”), as approved by the European Commission.
Choice. Contract Logix will not use your PII for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorized by you, nor will we disclose your PII to a third party, unless such disclosure is made to a third party that is acting as an agent pursuant to a contract with Contract Logix, to perform tasks on behalf of and under the instructions of Contract Logix.
Certain PII, such as information about medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of an individual, is considered “Sensitive Information.” Contract Logix will also treat any PII received from a third party where the third party identifies and treats such PII as sensitive, as Sensitive Information. Contract Logix will always obtain affirmative express consent (opt in) from individuals if Sensitive Information is to be (i) disclosed to a third party or (ii) used for a purpose other than those for which it was originally collected or subsequently authorized by the individuals through the exercise of opt-in choice.
Accountability for Onward Transfer. We are responsible for the processing of PII we receive under the EU-U.S. and/or the Swiss-U.S. Data Privacy Framework Principles (DPF Principles) and/or SCCs (as applicable) and subsequently transfer to a third party acting as an agent on our behalf. Contract Logix will comply with the Notice and Choice Principles in any transfer of PII to a third party acting as a controller or an agent. In addition, any such third-party controller or agent will be under a contract that provides that (i) such PII may only be processed for limited and specified purposes consistent with the consent provided by the individual, and (ii) the controller will provide the level of protection required by the DPF Principles and/or SCCs (as applicable), and (iii) the controller will notify Contract Logix if it makes a determination that it can no longer meet this obligation, and that upon such determination, the third party controller will cease processing information and take other reasonable and appropriate steps to remediate unauthorized processing. Upon request, Contract Logix will provide a summary or a representative copy of the relevant privacy provisions of any such contract with the Department of Commerce.
In cases where an EU, UK, or Swiss individual’s data is transferred onward to third parties pursuant to the SCCs, Contract Logix may be potentially liable.
Security. Contract Logix takes reasonable and appropriate measures to protect any PII that it creates, maintains, uses, or disseminates, from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
Data Integrity and Purpose Limitation. Consistent with the DPF Principles and/or SCCs (as applicable), Contract Logix will not process personal information in a way that is incompatible with the purposes for which it was collected or subsequently authorized by the individual who provided such PII. To the extent necessary for those purposes, we take reasonable steps to ensure that PII is accurate, complete, current, and reliable for its intended use.
Any PII collected by Contract Logix will be maintained in a form identifying or making identifiable the individual who provided such PII only for as long as it serves the purpose of processing for which it was collected or subsequently authorized by the individual who provided such PII. This does not prevent Contract Logix from processing PII for longer periods for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research, and statistical analysis.
Depending on the circumstances, examples of compatible processing purposes may include those that reasonably serve customer relations, compliance and legal considerations, auditing, security and fraud prevention, preserving or defending our legal rights, or other purposes consistent with the expectations of a reasonable person given the context of the collection of PII.
Access. All individuals have access to the PII that Contract Logix holds about them, and they are empowered to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the DPF Principles and/or SCCs (as applicable), except where the burden or expense of providing such access would be disproportionate to the risks to the privacy of the individual in question, or where the rights of other individuals would be violated by such access.
Contract Logix has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, DATA PRIVACY FRAMEWORK SERVICES, operated by BBB National Programs. If you do not receive timely acknowledgement of your complaints, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint.
If Contract Logix becomes subject to any Federal Trade Commission (“FTC”) or court order based on non-compliance, we will make public any relevant DPF-related sections of any compliance or assessment report submitted to the FTC, to the extent consistent with confidentiality requirements.
Contract Logix submits to being subject to the investigatory and enforcement powers of the FTC.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf
CHANGES TO THIS POLICY