Idera-Inc-Facelift-logo

Privacy Notice

Originally Published on January 24, 2004
Modified and Effective on August 15, 2024

  

Privacy Summary
OUR CONTACT INFORMATION

Idera, Inc.,

(which includes Idera’s subsidiaries (“ Affiliates”) listed below under “ Entities Covered by This Privacy Notice ”)

Address: 4001 W. Parmer Lane, Suite 125, Austin, TX 78727

Phone number: (512) 226-8080

Email address: [email protected]

Identity and contact details of our Company’s Data Protection Officer:

VeraSafe, LLC

100 M Street S.E.,

Suite 600

Washington, D.C. 20003

United States of America

Tel: +1 (617) 398-7067

Email: [email protected]

Web: https://www.verasafe.com/about-verasafe/contact-us/

Identity and contact details of our Company’s Representative in the EU:

VeraSafe Ireland Ltd.

Unit 3D North Point House

North Point Business Park

New Mallow Road

Cork T23AT2P

Ireland

Contact form: https://verasafe.com/public-resources/contact-data-protection-representative

Identity and contact details of our Company’s Representative in the UK:

VeraSafe United Kingdom Ltd.

37 Albert Embankment

London, SE1 7TL

United Kingdom

Contact form: https://verasafe.com/public-resources/contact-data-protection-representative


GENERAL INFORMATION

Do we collect Personal Data (as defined in this section)?

YES. Some categories include contact information, payment information, and internet activity, among others. Click here to know which categories of Personal Data we collect and how we obtain them.

Do we share Personal Data?

YES. Our Company does share Personal Data with the companies of our corporate group if we believe you will benefit from such recommendation. We do not sell your Personal Data.

Do we process Personal Data considered to be sensitive personal information within the context of this Privacy Notice?

NO. Our Company does not process Personal Data considered to be sensitive personal information within the context of this Privacy Notice.

TRACKING

Do we use cookies or similar tracking technologies on our websites?

YES. Click https://www.ideracorp.com/Legal/Idera-Inc-Universal-Cookie-Policy to read our cookie notice.

Do we use cookies or similar tracking technologies in our apps?

YES. Click https://www.ideracorp.com/Legal/Idera-Inc-Universal-Cookie-Policy to read our cookie notice.

Do we track your activities in other websites?

YES. Click https://www.ideracorp.com/Legal/Idera-Inc-Universal-Cookie-Policy to read our cookie notice.

PRIVACY RIGHTS

Can you request to receive a copy of the Personal Data we have collected about you?

YES. Click here to learn how

Can you withdraw your consent to our processing of your Personal Data?

YES. Click here to learn how

Can you request to have your Personal Data deleted?

YES. Click here to learn how

Can you request not to have your Personal Data shared with Idera affiliates?

YES. Click here to learn how

Can you request to limit the use of your Personal Data that is considered to be sensitive personal information within the context of this Privacy Notice for the purpose of inferring characteristics about you?

NOT APPLICABLE, because our Company does not use Personal Data that is considered to be sensitive personal information within the context of this Privacy Notice for the purpose of inferring characteristics about you.

Do we discriminate you for exercising your privacy rights?

NO. Click here to learn more about your right not to be discriminated.

Do we offer you financial incentives for your Personal Data?

NO. Our Company does not offer you financial incentives for your Personal Data.

SECURITY

Do we protect your Personal Data?

YES. Click here to learn more about how we protect your Personal Data

Introduction

Idera, Inc., together with its Affiliates listed below under “ Entities Covered by This Privacy Notice ” (collectively, “ Company”, “ we”, “ us”, “ our”), is committed to respecting and protecting the privacy of our customers, partners, webinars attendees, and website visitors. Section 16 of this Privacy Notice applies exclusively to Idera, Inc. and its Affiliates incorporated in the United States.
Please read this Privacy Notice, where we describe the Company’s privacy practices in relation to the use of the Company’s Websites (as defined below) and the related applications, services, products, and programs offered by the Company (collectively, “ Services”), as well as individuals’ choices regarding their privacy rights under applicable data protection and privacy laws, such as the European Union General Data Protection Regulation and the United Kingdom’s General Data Protection Regulation (collectively, “ GDPR”), and U.S. State Privacy Laws including, to the extent applicable, the California Consumer Privacy Act of 2018 (“CCPA”), the Colorado Privacy Act (“ CPA”), the Virginia Consumer Data Protection Act (“ VCDPA”), the Connecticut Data Privacy Act (“ CTDPA”), and the Utah Consumer Privacy Act (“UCPA”) (collectively “ U.S. State Privacy Laws”).

Personal Data

Personal Data means any information that may be used to identify you, such as your name, title, phone number, email address, or mailing address.
Personal Data also includes the following types of information:

  • Your business email address if you want to subscribe to a periodic communication such as a newsletter;
  • Additional Personal Data, such as name, company name, address, phone number, and email address, for additional activities on our site that may require you to be registered (e.g., to read a white paper, download trial or free software, when you express an interest in obtaining additional information about the Services, or register for an event);
  • Your billing information, such as billing name and address and credit card number, when purchasing Services or registering for an event; and
  • Any other information you submit to the Company through the Services or information provided to you by the Company through your use of the Services (e.g., license key).

These specified types of information are referred to collectively as “ Personal Data

What is Covered by this Privacy Notice?

This Privacy Notice covers the Company’s information practices, including addressing data subjects (which includes both individuals and households) whose Personal Data we:

  • receive from our customers in our Services as well as in the course of providing consulting services and customer support services;
  • receive directly through websites that link to this Privacy Notice and are managed and controlled by the Company (collectively referred to as the “Websites”);
  • receive from our business partners;
  • receive from individuals for event, webinar, and other registrations; or
  • process to promote our Services.
What is Not Covered by this Privacy Notice?
Human Resources Personal Data

This Privacy Notice does not apply to the Personal Data of employees, job applicants (including Personal Data considered to be Applicant Information), contractors, business owners, directors, officers, and medical staff of the Company.

Personal Data We Process as a “Processor”

In some of the cases where we receive Personal Data from our customers in our Services, we do not decide why or how that Personal Data will be processed. To this end, if not stated otherwise in this Privacy Notice or in a separate disclosure, we process such Personal Data in the role of a mere processor on behalf of a customer (and/or its affiliates) who is the responsible controller of the Personal Data concerned. We are not responsible for and have no control over the privacy and data security practices of our customers, which may differ from those set forth in this Privacy Notice. We will only access Personal Data to provide the Services that our customer has directed us to provide, or if we are required to do so by law.

When you give your Personal Data to one of our customers or when we collect your Personal Data on their behalf, our customer’s privacy notice, rather than this Privacy Notice, will apply to our processing of your Personal Data. If your Personal Data has been submitted to us by or on behalf of a Company customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable customer directly. Because we may only access a customer’s Personal Data upon instruction from that customer, if you wish to make your request directly to us, please provide to us the name of the Company customer who submitted your Personal Data to us. We will refer your request to that customer, and we will support them as needed in responding to your request within a reasonable timeframe.

Information Which Does Not Constitute Personal Data

If we do not maintain information in a manner that identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular individual or household, such information is not considered Personal Data and this Privacy Notice will not apply to our processing of that information. Such information includes anonymous, aggregate statistics from web traffic to our Websites that we collect and analyze through web analytics software in order to understand our customers’ and visitors’ needs and to continually improve our Websites for them.

Our Role with Respect to Your Personal Data

In the context of this Privacy Notice, we act either as a data controller or data processor for the Personal Data we process, depending on our relationship with you and with our customers. For example, we act as a data controller when we process your Personal Data when you contact us through our Websites or if we call you at your request. On the other hand, we generally act as a data processor in connection with the Services we provide to our customers.

Entities Covered by this Privacy Notice

This Privacy Notice covers Idera, Inc., all its affiliate entities listed at https://www.ideracorp.com/legal, and all companies currently within the Idera corporate group listed at https://www.ideracorp.com/brands .

Use of Personal Data and The Legal Bases on Which We Rely

We may process your Personal Data on the basis of:

  • Your explicit consent;
  • The need to perform our contract with you, such as the need to perform the Services requested, or to take steps at your request prior to entering into a contract, such as the need to verify financial information provided by you to us and to collect payments to the extent that doing so is necessary to complete the transaction and perform our contract with you;
  • Our legitimate interests, such as our interests in providing our users with more relevant content and service offerings and promoting the safety and security of our Services;
  • The need to comply with legal obligations; and
  • Any other ground, as required or permitted by law.

Where we process your Personal Data based on your consent, you may withdraw it at any time. However, this will not affect the lawfulness of our processing before you withdrew your consent. It will also not affect the validity of our processing of Personal Data performed on other lawful grounds.

Where the Company needs to collect and process Personal Data by law, or under a contract that it has entered into with you, and you fail to provide the required Personal Data when requested, the Company may not be able to perform its contract with you.

For more specific information about which lawful basis of processing we rely on to process your Personal Data in different contexts, please contact us as directed below.

What Personal Data We Process, How We Obtain It, and How We Use Your Personal Data

The CCPA requires us to categorize the Personal Data we collect into a few groups, which are contained below. Many of the categories are not collected in every instance, and some would only be collected at the direction of our customers through our cloud products and services.

The table below describes the categories of Personal Data we have collected about you in the last twelve months, for both business and commercial purposes (as defined in the CCPA).

Categories of Personal Data We Collect, Process, or Store How We Obtain Your Personal Data How We Use Your Personal Data

Identifiers

A real name, alias, company name, postal address, telephone number, personal or business email address, or other similar identifiers.

Customer Records Information

A real name, alias, company name, billing information, such as billing name, billing address, shipping address, or other similar customer records information.

Internet or Other Similar Network Activity

Browsing history, search history, and information on a consumer’s interaction with a website, application, or advertisement.

Professional or Employment Related Information

Employment, information about your employer (such as the name, address, and contact details of your employer), current job title, and other similar professional or employment-related information.

We may receive your Personal Data when:

  • you provide it directly to us through our Website;
  • you provide it directly to us at an event or conference;
  • you provide it to us while participating in a webinar we host or sponsor;
  • you provide it to us while filling out one of our web forms or requesting user support;
  • you provide it to us through other means of contact, including via a phone call;
  • we collect your information from publicly available platforms such as LinkedIn;
  • our customers (including their employees, contractors, and other representatives of the company) provide it to us;
  • we receive it from other companies within our corporate group;
  • our service providers provide it to us; or
  • when a friend of yours or one of our partners or customers refers you to our Services by providing your Personal Data to us.

We may process your Personal Data for the purposes of:

  • providing our Websites and Services;
  • managing user registrations;
  • promoting the security of our Websites and Services;
  • developing and improving our Websites and Services;
  • handling contact and user support requests;
  • reviewing compliance with applicable usage terms;
  • assessing and improving user experience;
  • managing event registrations and attendance;
  • planning and hosting corporate events, hosting online forums and social networks;
  • managing webinars;
  • managing contests or promotions;
  • assessing capacity requirements;
  • identifying customer opportunities;
  • displaying personalized advertisements and content;
  • sending marketing communications;
  • managing payments; and
  • complying with legal obligations.

We will not collect additional categories of Personal Data without informing you. Our collection and use of Personal Data will be reasonably necessary and proportionate to the purposes for which we collect or process Personal Data, or for another disclosed purpose that is compatible with the context in which we collect Personal Data, and not further processed in a manner that is incompatible with those purposes.

Any Personal Data or other information you choose to submit in communities, forums, blogs, or chat rooms on our Websites may be read, collected, and used by others whom visit these forums, depending on your account settings.

Use of Cookies, Usage Data

A “cookie” is a small file stored on your device that contains information about your device. We may use cookies and other commonly used information-gathering tools such as Web beacons to provide basic relevant ads, website functionality, authentication (session management), usage analytics (web analytics), and to remember your settings, and generally improve our Websites and Services.

For more information on how we use cookies and our data usage, our Company’s cookie policy can be found at https://www.ideracorp.com/Legal/Idera-Inc-Universal-Cookie-Policy.

How Long We Keep Your Personal Data

The Company retains your Personal Data to the extent necessary to reasonably serve customer relations, to meet our compliance and legal obligations, to enhance security and fraud prevention, and for audit purposes. For example, we may retain your information during the time in which you have an account to use our Website or Services and for a reasonable period of time afterward. We may also retain your information during the period of time needed for the Company to pursue our legitimate business interest, conduct audits, comply with our legal obligations, resolve disputes, and enforce our agreements. We determine the appropriate retention period for the Personal Data on the basis of the amount, nature, and sensitivity of your Personal Data processed, the potential risk of harm from unauthorized use or disclosure of your Personal Data, and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).

When you decide to delete certain information in your account, we will fulfill your request and update this information on our platform. We will also notify third parties (such as our service providers processing Personal Data on our behalf) of your request for Personal Data to be deleted.

Disclosing Personal Data to Third Parties

The following table describes, in the last twelve months, the categories of information we have disclosed to third parties for business and commercial purposes, and the categories of those third parties.

 

Use of Personal Data for Business Purposes or Commercial Purposes

Category

Categories of Third Parties to Which We Disclose Personal Data for Business Purposes

Identifiers
Customer Records Information
Internet or Other Similar Network Activity
Professional or Employment-Related Information

Our subsidiaries and affiliates, service providers, business partners, and other third parties are categorized as:

  • IT, cloud storage, and infrastructure management service providers;
  • customer support solutions service providers;
  • customer relationship management service providers;
  • office tool and supplies service providers;
  • text messaging and communications software service providers;
  • e-mail service providers;
  • credit card processing service providers;
  • event and networking service providers;
  • social media service providers;
  • digital advertising and marketing service providers; and
  • analytics service providers.
Credit Card Information

When you pay any fees with a credit card, your credit card data is securely sent to a third party merchant. We do not store your credit card information. All of the direct payment gateways adhere to standards set out by the Payment Card Industry Data Security Standard (PCI-DSS) as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, and American Express. PCIDSS requirements help ensure the secure handling of credit card information.

Information about International Transfers of Personal Data

The Company primarily The Company primarily stores Personal Data about the Company’s customers and Personal Data about event attendees in the United States (“U.S.”). To facilitate the Company’s global operations, the Company may transfer and access such information from around the world, including from other countries in which the Company has operations. A list of the Company’s global offices is available at https://www.ideracorp.com/legal. This Privacy Notice shall apply even if the Company transfers Personal Data about the Company customers or Personal Data about attendees to other countries.

Some of the above-mentioned third parties may be located outside of the U.S. However, when your Personal Data is protected by the GDPR, before transferring your Personal Data to these third parties, we will require that these third parties maintain at least the same level of privacy and security that we maintain for such Personal Data. Our Company remains liable for the protection of Personal Data that we transfer to our service providers within the scope of our Data Privacy Framework certification (which for the purpose of this Privacy Notice includes the EU-U.S. Data Privacy Framework and its UK Extension, and the Swiss-U.S. Data Privacy Framework), except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.

Our customers and service providers who receive your Personal Data may be located in countries outside of the European Union (“ EU”), the European Economic Area (“ EEA”), the United Kingdom (“ UK” including Gibraltar), or Switzerland. In some cases, the European Commission and UK may not have determined that the legal environment in those countries provides a level of data protection that is essentially equivalent to the level of protection provided under EU law and the law of the UK. We will only transfer your Personal Data to third parties in these countries when there are appropriate safeguards in place, such as the European Commission approved standard contractual clauses, and any standard contractual clauses approved by the UK.

Other Disclosures of Your Personal Data

We may disclose your Personal Data to the extent required by law, or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings. If we have to disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data.

We may also disclose your Personal Data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your Personal Data to our subsidiaries or affiliates, but only if necessary for business purposes, as described in the section above.

We reserve the right to use, transfer, sell, share, and disclose aggregated, anonymous data for any legal purpose. Such data does not include any Personal Data. The purposes may include analyzing usage trends or seeking compatible advertisers, sponsors, and customers.

Sharing of Personal Data

Idera may share your Personal Data with other Idera entities for the purpose of cross-entity marketing. In the preceding twelve (12) months, Idera has disclosed the following categories of Personal Data for a business purpose:

Customer full legal name, contact employee email address and phone number.

What Privacy Rights Do You Have?

You have specific rights regarding your Personal Data that we collect and process under applicable data protection and privacy laws. Please note that you can only exercise these rights with respect to Personal Data that we process about you when we act as a data controller or as a “business” under the GDPR and U.S. State Privacy Laws. To exercise your rights with respect to Personal Data processed by us on behalf of one of our customers, please read the privacy notice of that customer.

The following sections describe your rights, and then we explain how you can exercise those rights.

Right to Know What Happens to Your Personal Data

This is called the right to be informed. It means that you have the right to obtain from us all Personal Data regarding our data processing activities that concern you, such as how we collect and use your Personal Data, how long we will keep it, and who it will be disclosed to, among other things.

We are informing you of how we process your Personal Data with this Privacy Notice. We will always try to inform you about how we process your Personal Data. However, if we do not collect the Personal Data directly from you, the GDPR exempts us from the obligation to inform you: (i) when providing the information is either impossible or unreasonably expensive; (ii) the gathering and/or transmission is required by law; or if (iii) the Personal Data must remain confidential due to professional secrecy or other statutory secrecy obligations.

Right to Know What Personal Data Our Company Has About You

This is called the right of access. This right allows you to ask for a copy of the Personal Data we hold on you. You have the right to obtain from us, including confirmation of whether or not we process Personal Data concerning you, and, where that is the case, a copy or access to the Personal Data and certain related information.

Once we receive and confirm that the request came from you or your authorized agent, we will disclose to you the categories of your Personal Data that we process and the specific pieces of Personal Data we process about you in an easily sharable format. Under some circumstances, we may deny your access request. In that event, we will respond to you with the reason for the denial.

Right to Change Your Personal Data

This is called the right to rectification. It gives you the right to ask us to correct, without undue delay, anything that you think is wrong with the Personal Data we have on file about you, and to complete any incomplete Personal Data. If your account settings do not allow you change the Personal Data yourself, please contact us and we will do our best to change the Personal Data for you.

Right to Delete Your Personal Data

This is called the right to erasure, right to deletion, or the right to be forgotten. This right means you can ask for your Personal Data to be deleted. When you decide to delete certain Personal Data in your account, we will fulfill your request and update this information on our platform. We will also notify third parties that we authorized the use and disclosure of that content at your request.

The GDPR and the U.S. State Privacy Laws allow for requests to erase your Personal Data to be denied if we or our service providers need to retain the Personal Data to:

  • Complete the transaction for which we collected the Personal Data;
  • Provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
  • Help ensure security and integrity to the extent the use of your Personal Data is reasonably necessary and proportionate for those purposes;
  • Debug products to identify and repair errors that impair existing intended functionality;
  • Engage in public or peer-reviewed scientific, historical, or statistical research that conforms or adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the ability to complete such research, if you previously provided informed consent;
  • Enable solely internal uses reasonably aligned with your expectations based on your relationship with us and compatible with the context in which you provided your information; or
  • Comply with a legal obligation, including, but not limited to, obligations from the California Electronic Communications Privacy Act.
Right to Ask Us to Limit How We Process Your Personal Data

This is called the right to restrict processing. It is the right to ask us to only use or store your Personal Data for certain purposes. You have this right in certain instances, such as where you believe the Personal Data is inaccurate, or the processing activity is unlawful.

Right to Ask Us to Stop Using Your Personal Data

This is called the right to object. This is your right to tell us to stop using your Personal Data. You have this right where we rely on a legitimate interest of ours (or of a third party). You may also object at any time to the processing of your Personal Data for direct marketing purposes.

We will stop processing the relevant Personal Data unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, or freedoms; or (ii) we need to continue processing your Personal Data to establish, exercise, or defend a legal claim.

If we have received your Personal Data in reliance on the Data Privacy Framework, you may also have the right to opt out of having your Personal Data disclosed to third parties and to revoke your consent to our disclosing your Personal Data to third parties. You may also have the right to opt out if your Personal Data is used for any purpose that is materially different from the purpose(s) for which it was originally collected or which you originally authorized.

Right to Port or Move Your Personal Data

This is called the right to data portability. It is the right to ask for and receive a portable copy of your Personal Data that you have given us or that you have generated by using our Services, so that you can:

  • Move it;
  • Copy it;
  • Keep it for yourself; or
  • Transfer it to another organization.

We will provide your Personal Data in a structured, commonly used, and machine-readable format. When you request this Personal Data electronically, we will provide you a copy in electronic format.

Right Related to Automated Decision Making

We do not make automated decisions using your Personal Data in our Websites or in our Services. We use cookies and similar technologies on our Company Websites to personalize your experience on the Company Websites and recommending software products and services that may be of interest to you. For information, our Company’s cookie policy can be found at https://www.ideracorp.com/Legal/Idera-Inc-Universal-Cookie-Policy.

Right to Withdraw Your Consent

Where we rely on your consent as the legal basis for processing your Personal Data, you may withdraw your consent at any time. To exercise these rights, please contact us. Requests to access, change, or delete your Personal Data will be addressed within a reasonable timeframe. If you withdraw your consent, our use of your Personal Data before you withdraw is still lawful. Please note that if you have registered for an account with the Company, you may generally update your user settings, profile, organization’s settings, or event registration by logging into the applicable Website or Services with your username and password and editing your settings or profile.

If you have given consent for your details to be disclosed to a third party and wish to withdraw this consent, please also contact the relevant third party in order to change your preferences.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. Unless the applicable data protection laws permit it, we will not:

  • Deny you goods or services;
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits or imposing penalties;
  • Provide you a different level or quality of goods or services; or
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Right to Opt-Out of the Sharing of Personal Data

You have the right to direct us to not to sell or share your personal at any time. We do not sell your Personal Data, but may share your Personal Data with our affiliates for the purpose of cross-marketing.

Your Right to Opt Into the Sharing of Personal Data

If you have directed us not to share your Personal Data, you can opt-in to the sharing of your Personal Data to any of Idera affiliate companies at any time.

Right to Lodge a Complaint with a Supervisory Authority

If you consider that the processing of your Personal Data infringes your privacy rights according to the General Data Protection Regulation, you have the right to lodge a complaint with a supervisory authority, in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. Contact details for the EU data protection authorities can be found at https://edpb.europa.eu/about-edpb/about-edpb/members_en

How Can You Exercise your Privacy Rights?

To exercise any of the rights described above, please submit a request by either:

  • Calling us at (512) 226-8080
  • Contacting us by email at [email protected];
  • Filling out this online form; or
  • Writing to us at:

    Idera Inc.
    Attn: Legal Department
    4001 W. Parmer Lane
    Suite 125
    Austin, Texas 78727
What are Authorized Agents?

You may appoint an authorized agent to exercise your rights on your behalf. You should appoint such agent via written permission or a power of attorney pursuant to Probate Code sections 4000 to 4465 (if you reside in the State of California) or the applicable rules for authorizing somebody else to exercise your rights in your country or state of residence. To verify that your authorized agent acts on your behalf, we will ask for this written permission from your agent or for the power of attorney. In case you provided your authorized agent with a written permission, we will require that you also verify your identity.

How We Will Verify Your Identity

Please bear in mind that to evaluate your privacy rights requests, we need to be sure it was you who made the request. We will verify your identity via the following methods:

  • We will send you an email requesting that you confirm certain Personal Data that we have in our records; or
  • We will call you at the number you provided when you submitted a request relating to your privacy rights and will request that you confirm certain Personal Data that we have in our records.

To carry out the verification, we may ask you for information you provided to us previously, such as your contact number, email address, date of birth, your zip code, or the date that you last received a call/communication from us.

Please note that under California law, you may only make a consumer request to know or a data portability request twice within a twelve (12) month period.

How and When We Will Respond to Your Requests

We will confirm the receipt of your request within ten (10) business days, and, in that communication, we will also describe our identity verification process and when you should expect a response, except when we have already granted or denied the request.

Please allow us up to thirty (30) days to reply to your requests from the day we received your request. We may contact you if we need additional information from you in order to honor your request. If we need more time (up to ninety (90) days in total), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will send our written response by mail or electronically, at your option.

Consider that for requests made under California law, we will only cover the twelve (12) month period preceding the moment we receive the request in any disclosures we provide you with.

If we cannot satisfy your request, we will also explain why in our response. For data portability requests, we will choose a format to provide your Personal Data that is readily useable and should allow you to transmit the Personal Data from one entity to another entity without difficulty.

In most cases, we will not charge a fee for processing or responding to your requests. However, we may charge a fee if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination, and we will provide you with a cost estimate before completing your request.

If you are an employee of one of our customers, we recommend you contact your company’s system administrator for assistance in correcting or updating your Personal Data. Some registered users may update their user settings, profiles, organization settings and event registrations by logging into their accounts and editing their settings or profiles.

As described above, we may also process Personal Data submitted by or for a customer of our Services. If your Personal Data has been submitted to us by or on behalf of a Company customer and you wish to exercise any rights you may have under applicable data protection laws, please inquiry with the applicable customer directly. Because we may only access a customer’s Personal Data upon instruction from that customer, if you wish to make your request directly to us, please provide to us the name of the Company customer who submitted your Personal Data to us. We will refer your request to that customer, and we will support them as needed in responding to your request within a reasonable timeframe.

Appealing Rejected Requests

Pursuant to certain U.S. State Privacy Laws, such as the laws of Virginia, Colorado, and Connecticut, to the extent applicable to you, residents have the right to appeal rejected requests. You may exercise this right if you are a resident of an applicable U.S. state, by responding to the correspondence we send containing our response to your request, and by following the instructions on how to make an appeal within our correspondence.

Children and Privacy

The Company Websites do not offer information directed at, or intended to attract, children. The Company does not knowingly solicit Personal Data from children under the age of sixteen (16).

Security of Personal Data

The Company take precautions including organizational, technical, and physical measures to help safeguard against the accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of, or access to, the Personal Data we process or use. For example, when you submit any form requiring registration, we use a secure server. The secure server software (SSL) helps protect your information as it travels over the Internet by encrypting that information before it is sent to us. Please note that while we have implemented industry-standard security mechanisms and procedures to protect data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, no method of storage or transmission is 100% secure. You are solely responsible for protecting your password, limiting access to your devices, and signing out of websites after your sessions.

Links to Other Websites and Public Forums

Our Websites contain links to information on other websites. We do not have any control over these other websites, and therefore we cannot be responsible for the protection and privacy of any information that you provide while visiting those websites. Those websites are not governed by this Privacy Notice, and if you have questions about how a website uses your information, consult that website’s privacy notice. Portions of our Websites may also make chat rooms, forums, message boards, and/or news groups available to visitors. Please remember that any information that is disclosed in these areas becomes public information and exercise caution when deciding to disclose any Personal Data.

EU-U.S. Data Privacy Framework, UK Extension to the Eu-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework

This Section applies exclusively to the Company and its Affiliates incorporated in the United States. Idera complies with the principles of the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (collectively, the “Data Privacy Framework” or “DPF”) as set forth by the U.S. Department of Commerce. Idera has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. Data Privacy Framework (“EU-U.S. DPF) and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Idera has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. Data Privacy Framework. If there is any conflict between the terms in this Privacy Notice and the EU-U.S. Data Privacy Framework Principles and/or the Swiss-U.S. Data Privacy Framework Principles, the respective Principles shall govern.

To learn more about the Data Privacy Framework Principles, and to view our certification information, please visit https://www.dataprivacyframework.gov and https://www.dataprivacyframework.gov/list , respectively.

In compliance with the Data Privacy Framework Principles, the Company commits to resolve complaints about your privacy and our collection or use of your Personal Data transferred to the U.S. pursuant to Data Privacy Framework. EU, UK, and Swiss individuals with Data Privacy Framework inquiries or complaints should first contact the Company at [email protected]. The Company has further committed to refer unresolved Data Privacy Framework complaints covering non-Human Resource Personal Data under the Data Privacy Framework to Data Privacy Framework Services, an alternative dispute resolution provider operated by BBB National Programs and located in the U.S. If you do not receive a timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information or to file a complaint. The services of BBB EU Data Privacy Framework are provided at no cost to you.

If your complaint involves human resources Personal Data transferred to the U.S. from the EU, UK and/or Switzerland in the context of the employment relationship, and the Company does not address it satisfactorily, the Company commits to cooperate with the panel established by the EU data protection authorities (“DPA Panel”), the UK Information Commissioner’s Office (“ICO”), and/or the Swiss Federal Data Protection and Information Commissioner, as applicable, and to comply with the advice given by the DPA panel and/or ICO and/or Swiss data protection authorities, as applicable, with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Complaints related to human resources data should not be addressed to Data Privacy Framework Services operated by BBB National Programs.

Contact details for the EU data protection authorities can be found at https://edpb.europa.eu/aboutedpb/about-edpb/members_en

For more information about Idera Human Resource Personal Data and the Human Resource Privacy Policy, please contact [email protected].

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf

The Company is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. The Company may be required to disclose Personal Data that we handle under the Data Privacy Framework in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Unsubscribe

You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of the Company’s marketing emails. Additionally, you may by contacting us at any time at [email protected] Please note that opting out of marketing communications does not opt you out of receiving important business communications related to your current relationship with us, such as communications about your subscriptions or event registrations, service announcements, or security information.

Changes to this Privacy Notice

The Company reserves the right to change this Privacy Notice from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. If we do, we will update the “effective date” at the top of this Privacy Notice. If we make a material update, we may provide you with notice prior to this update taking effect, such as by posting a conspicuous notice on our website or by contacting you using the email address you provided.

We encourage you to periodically review this Privacy Notice to stay informed about our collection, processing, and disclosing of your Personal Data.

Contacting Us

Questions about this Privacy Notice or the information practices of the Company’s Websites and Services should be directed to our privacy team by filling out this form or by emailing us at [email protected] or by mailing us at the below address. We prefer electronic communication.

Idera Inc.
Attn: Legal Department
4001 W. Parmer Lane
Suite 125
Austin, Texas 78727

Please allow up to four weeks for us to reply.

EU Representative

We have appointed VeraSafe as our representative in the EU for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form: https://www.verasafe.com/privacyservices/contact-article-27-representative/ or via telephone at: +420 228 881 031.

Alternatively, VeraSafe can be contacted at:

VeraSafe Ireland Ltd
Unit 3D North Point House
New Mallow Road
Cork T23AT2P
Ireland

UK Representative

We have appointed VeraSafe as our representative in the UK for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form: https://www.verasafe.com/privacy-services/contactarticle-27-representative/ or via telephone at: +44 (20) 4532 2003.

VeraSafe United Kingdom Ltd.
37 Albert Embankment
London
SE1 7TL
United Kingdom

Data Protection Officer

We have appointed VeraSafe as our Data Protection Officer (DPO). While you may contact us directly, VeraSafe can also be contacted on matters related to the processing of Personal Data. VeraSafe’s contact details are:

VeraSafe
100 M Street S.E., Suite 600
Washington, D.C. 20003
USA
Email: [email protected]
Web: https://www.verasafe.com/about-verasafe/contact-us/