- Information we collect and how we collect it
- How we use the information we collect
- The Croner Company’s legal basis for processing personal information
- How we share the information we collect with third parties
- How we store and secure the information we collect
- How we transfer information we collect internationally
- How to access and control your information
- How to contact us about privacy questions or comments
- Other important privacy information
- Notice to End Users (Cookies, Social Media Shares, etc.)
“Personal Information” refers to any information relating to an identified or identifiable natural person. It does not include data where the identity of the individual has been removed. See the section below on “Information We Collect About Individuals and How We Collect It” for more information on the type of personal data we may collect and store.
Where Croner provides Services under contract with an organization, that organization may be the “controller” of the Personal Information processed by those Services. For more information, please see “Notice to End Users” below.
INFORMATION WE COLLECT ABOUT INDIVIDUALS AND HOW WE COLLECT IT
Client and Visitor Data
We may collect Personal Information from clients and interested visitors who contact us regarding our Services, contract with us to provide such Services, register for or attend our events, ask to be included on an email or other mailing list, participate in an online forum, blog or survey, download content or fill out a form. We may collect all or some of the following information: name, email address, phone number, company name, title, department, country and/or industry. Alternatively, you may visit many pages on our website anonymously. Any data we request from visitors to our website that is not required will be specified as voluntary or optional.
Client Relationship Data
We also collect and retain the following data when we contract with clients: a history of the Croner Services provided as well as all contract-related content and communications that you provide, send or share with Croner. This content includes data such as business contact information and remittance information to be used for marketing, billing and financial administration purposes. Content also includes any and all files and links you upload as part of your engagement with Croner.
Compensation and Related Employee Data
Organizations may provide Croner with content that includes limited Personal Information about their employees or other stakeholders. Croner will request, receive and retain only the minimum amount of data necessary to perform any Services as part of your engagement with Croner.
In general, Croner does not need and will not request Personal Information about an organization’s employees or other stakeholders to perform our contracted Services. End Users who require inclusion of Personal Information in the data sets they submit and/or receive from Croner, such as employee numbers or other referential data, understand that they provide such data for their own purposes and that Croner will not use such data in the performance of its Services, nor for any other purpose.
Information Provided Through Our Support Channels
Croner’s Services also include our customer support, where you may choose to submit information regarding a problem you are experiencing with a Service. Whether you designate yourself as a technical contact, open a support ticket, speak to one of our representatives directly or otherwise engage with our support team, you will be asked to provide contact information so that we can update you on the status of your support request or seek further information that would be helpful in resolving the issue.
Your Use of Online Services
We keep track of certain information about users who visit and interact with any of our online Services. This information includes the features you use, the links you click on and the type, size and filenames of attachments you upload to the Services. We may also collect information about your computer, phone, tablet or any other devices you use to access Croner’s Services. This device information includes your connection type and settings any time you install, access, update or use our online Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring / exit pages, device identifiers and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services.
Cookies and Other Tracking Technologies
You can find more information about cookies at www.allaboutcookies.org.
Information We Receive From Other Sources
We may receive information about organizations or individuals from other Service users, from third-party services, from our related companies, from your customers and/or from our business and channel partners.
Other Users of Our Services
Other users of our Services, including your employees or your employer, may provide information about you when they submit content related to Croner’s Services. We may also receive your email address from other Service users if they provide it to Croner for any purpose. Similarly, a Croner administrator may provide your contact information when they designate you as the billing, technical or other contact on your company’s account.
We may receive information about organizations or individuals from third-party partners, such as advertising and market research partners who provide us with information about your interest in, and engagement with, our Services and online content.
HOW WE USE THE INFORMATION WE COLLECT
How we use the information we collect depends in part on which Services you use, how you use them and any preferences you have communicated to us. Below are the specific purposes for which we may use the information we collect about you or your organization.
- To administer your account and facilitate your transactions.
- To respond to customer service requests.
- To send periodic emails when you have requested to receive them. (The email address you provide for order processing may be used to send you information and updates pertaining to your order or request, in addition to receiving occasional company news, updates, promotions, related product or Service information, etc.)
- To provide you the Croner Services you have requested.
- To improve our websites. (We continually strive to improve our website offerings based on the information and feedback we receive from you.)
- To personalize your experience. (Your information helps us to better respond to your individual needs.)
- To market, promote and drive engagement with Croner’s Services: We may use your contact information and information about how you use the Services to send promotional communications that may be of specific interest to you or your organization, including by email. These communications are aimed at driving engagement and maximizing what you get out of Croner’s Services, including information about new features, surveys and events we think may be of interest to you.
- For safety and security: We use information about you and your Service usage to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of Service policies.
- To protect our legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
- With your consent: We use information about you or any individuals in your organization where you have given us consent to do so for any specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote a Service, but only with your express permission.
LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION
Please note that we collect and process information about individuals in the European Economic Area (EEA) only where we have legal bases for doing so under applicable EU laws. The legal bases depend on what Service(s) Croner is providing to an individual or organization. This means we collect and use information from such individuals only where:
- We need it to provide you contracted Services as agreed, including to operate the Services, to provide customer support and personalized features and to protect the safety and security of the Services;
- It satisfies our legitimate business interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
- You, or any person within your organization authorized to do so, give us consent to do so for a specific purpose; or
- We need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
HOW WE SHARE THE INFORMATION WE COLLECT
In general, Croner does not often share any Personal Information or other data with any third party, nor with any other clients or individuals with whom we do business. Exceptions to our policy are as follows:
Transfer to Third Parties
From time to time we may work with third parties who provide consulting, sales or technical services to deliver and implement customer solutions around the Services. In such instances, we may share your information, and/or any information you have provided regarding individuals in your organization, with these third parties in connection with their services. Any such onward transfer to third parties of any individuals’ Personal Information will always be conducted pursuant to the EU-US Privacy Shield or other legitimate basis as provided by law, regardless of the regional source of the data.
Compliance With Enforcement Requests and Applicable Laws
In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to (a) comply with any applicable law, regulation, subpoena, legal process or governmental request, including to meet national security requirements, (b) enforce our agreements, policies and terms of service, (c) protect the security or integrity of our products and services, (d) protect Croner, our customers or the public from harm or illegal activities, or (e) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
If Croner is involved in a merger, acquisition or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your, or your organization’s employees’, Personal Information, as well as any choices you may have regarding your Personal Information.
HOW WE STORE AND SECURE THE INFORMATION WE COLLECT
The security of all Personal Information we receive is important to us. We use in-house data servers and also Microsoft’s Azure data hosting service in the United States to host the Personal Information we collect, and we use technical measures to secure your data. These security measures include:
- Password-protected directories and databases, following both NIST and Privacy Shield.
- PCI Scanning and other firewall protections to actively protect our servers and data from hackers and other vulnerabilities.
- Encryption of all data housed in our servers and our data network as well as in Microsoft’s Azure cloud-based data warehouse.
- Annual security audits and penetration testing.
We implement these safeguards to protect all Company information, including Personal Information submitted by individuals and organizations. However, no security system is impenetrable, and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others. Please contact us at email@example.com with questions regarding our security measures.
Please note that you are responsible for maintaining the secrecy of your unique password and account information and for controlling access to your email communications at all times.
HOW LONG DATA WILL BE STORED
We will retain and use your Personal Information, as well as any Personal Information provided to Croner regarding an organization’s employees, as necessary to comply with our legal obligations, resolve disputes and enforce our agreements. How long we keep the information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
We retain an individual’s account information for as long as that person is associated with Croner as an individual or as a representative of a client organization with an active account. We also retain such information for a reasonable period after the conclusion of a business relationship in case the individual or organization decides to reactivate the relationship. Personal data associated with transactions within Croner’s data environment is retained for the period of time legally required for audit purposes, typically seven to ten years, depending on the applicable law.
We also may retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations and/or to continue to develop and improve our Services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you.
Information You Provide for Fulfillment of Services
If your account is deactivated or disabled, some of your, or your organization’s employees’, Personal Information may be retained to allow other team members or users in your organization to make full use of the Services. For example, you may provide data that includes your organization’s employee identifiers which are of use to others in your organization when we provide reports to fulfill contracted Services.
We retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our Services, such as when you last opened an email from us or ceased using a Croner account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
HOW WE TRANSFER INFORMATION WE COLLECT INTERNATIONALLY
It is extremely unlikely that Croner will transfer any Personal Information of any type to any third party outside the United States.
We may include Personal Information data, such as unique employee identifiers, in reports we provide to client organizations if and only if requested to do so by that organization.
In the event that we do transfer data to any client or third party, we will always comply with the Privacy Shield Principles (regardless of the regional source of the data) as follows:
Privacy Shield Notice
The Croner Company voluntarily complies with the E.U.-U.S. Privacy Shield Certification program as set forth by the U.S. Department of Commerce regarding the collection, use, retention and transfer of data from the European Union. Croner adheres to, and is committed to comply with, the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. To learn more about the Privacy Shield program please visit https://www.privacyshield.gov/.
We encourage you to contact us as provided below should you have a Privacy Shield-related (or general privacy-related) complaint or concern. You may also contact any local data protection authority within the European Economic Area for unresolved complaints.
General Data Protection Regulation (GDPR) Notice
The Croner Company complies with the European Union’s General Data Protection Regulation regarding the collection, use, retention and transfer of data from the European Union. For more information on the GDPR, please visit https://gdpr-info.eu/.
We encourage you to contact us as provided below should you have a complaint or concern related to GDPR.
HOW TO ACCESS AND CONTROL YOUR INFORMATION
Under certain conditions, more fully described on the Privacy Shield website, including when other dispute resolution procedures have been exhausted, you may invoke binding arbitration. Please see “To Raise a Complaint” and other relevant information below.
Note that if your own Personal Information was provided to Croner by someone else in your organization, you retain the rights and options described herein relative to your own information.
Access / Choice / Opt-Out
You have the right to access your Personal Information. We provide you the opportunity to “opt-out” of having your information used for certain purposes or to unsubscribe from receiving future emails when we ask for the information. If you no longer wish to receive emails and/or other promotional communications, you may opt-out of receiving them by following the detailed unsubscribe instructions at the bottom of each email or communication or by emailing us at firstname.lastname@example.org.
If your Personal Information changes, to request removal of your personal information from our data servers or if you no longer desire our Services, you may inform us to correct, update, amend, delete or deactivate your data by emailing our customer support at email@example.com or by contacting us by telephone or postal mail at the contact information listed below. We will respond to your request to access within 30 days.
Your Rights in Relation to Personal Information and How to Exercise Them
Under certain circumstances EEA users have the following rights:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your data protection interests.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What We May Need from You
We may need to request specific information from you to help us confirm your identity and right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time Limit to Respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
HOW TO CONTACT US ABOUT PRIVACY QUESTIONS OR COMMENTS
The Croner Company
55 Shaver Street, Suite 300
San Rafael, CA 94901
To Raise a Complaint
Please contact Croner as specified above to address any complaints regarding Croner’s handling of Personal Information. Croner will take steps to remedy any issues arising out of a failure to comply with the Privacy Shield Principles as well as any applicable laws. If the complaint cannot be resolved through Croner’s internal processes, it will be referred to an arbitration service of Croner’s choosing. In addition, you will also have the possibility to invoke binding arbitration under certain conditions.
OTHER IMPORTANT PRIVACY INFORMATION
California Online Privacy Protection Act Compliance
Because we value your privacy, we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute your Personal Information to outside parties without your consent.
We have taken the necessary steps to ensure that we are compliant with the United States CAN-SPAM Act of 2003.
Terms and Conditions
Please also visit our Terms & Conditions section establishing the use, disclaimers and limitations of liability governing the use of our website at www.croner.com/terms-of-use.
NOTICE TO END USERS
Our Services are intended for use by businesses. Where the Services are made available to you through an organization (e.g., your employer), that organization is the administrator of the Services and is responsible for the accounts and ultimately for your use of the Services. In such circumstances, the only Personal Information held in the Services for most End Users will be the user’s name and email address at the organization’s domain name. Additionally, some clients may provide data that includes a unique employee identifier for individuals within that organization. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization’s policies. We are not responsible for the privacy or security practices of an administrator’s organization, which may be different than this policy.
Be advised that Croner’s IT Administrators can:
- require you to reset your account password;
- restrict, suspend or terminate your access to Croner’s Services;
- access and modify information in and about your account;
- access or retain information stored as part of your account;
- change the email address associated with your account; and
- restrict your ability to edit, restrict, modify or delete information.
Cookies and Tracking Notice
Croner uses various technologies to collect information, such as “cookies” and “sessionStorage” as described below.
Cookies are small files that a website or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information.
If you wish to disable cookies, or if you wish to browse our websites privately / anonymously / incognito, your web browser can be configured to do this. See the section on “How Can You Opt-Out?” below for more information.
In some instances, Croner uses sessionStorage as an alternative to cookies. This tracking solution provides users with a greater level of anonymity because it captures some of the same data as cookies to facilitate faster loading of selected data during a session; however, that data is deleted immediately when an End User closes the browser window / tab in which it was set.
For statistics and analytic purposes, these cookies and similar technologies may also collect information on how users interact with the Services and enable us to improve how the Services operate.
We may use clear “.gif” files to better manage content on our website by informing us what content is effective. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. We do not tie the information gathered by clear gifs to our customer’s Personal Information.
As is true of most websites, we use third-party tracking-utility partners to gather certain information automatically and store it in log files. This information includes Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring / exit pages, operating system, date / time stamp, and click stream data. We use this information to analyze trends, to administer the site, to track users’ movements around the site and to gather demographic information about our user base as a whole.
Social Media Features, Widgets and Cookies
These cookies collect information about your browsing habits and are used to help companies understand how users interact with their websites and sometimes to provide targeted ads. We do not use any marketing cookies.
How Can You Opt-Out?
You may also change your cookie consent choices by contacting us: email us at firstname.lastname@example.org, call us at (415) 485-5530 or send written correspondence to:
The Croner Company
55 Shaver Street, Suite 300
San Rafael, CA 94901
You will not be able to opt-out of any cookies or other technologies that are “strictly necessary” for the Services.
Please contact your organization or refer to your administrator’s organizational policies for more information.