SAI360 Inc. together with its related bodies corporate (“we”, “our” or “us”) is committed to the protection of personal information within the scope of applicable laws. This global privacy policy/notice (“Privacy Policy”) sets out how we treat the personal information that we collect, use, and disclose. The Privacy Policy applies to information collected on our website located at https://www.sai360.com/ (“the Website”), as well as personal information collected in or through our products, services, and programs, or otherwise through any interaction you have with us (collectively, together with the Website, the “Services”).

We may update this Privacy Policy from time to time. The most current version will be located on our website and is also available by contacting our Data Protection Officer via email: [email protected]

Jump to policies for: Residents of California, Residents of the European Economic Area (“EEA”) and The United Kingdom, and Residents of Australia

What is personal information?

By using the term “personal information” in this Privacy Policy, we mean any information that can be directly associated with or used to identify a specific person, “personal information” may be used interchangeably with the term “personal data”.

Personal information we collect and process

We collect personal information from a variety of sources, including information that you provide directly and information that we automatically collect when you access and use the Services. The types of personal information that we collect will vary depending on your dealings with us.

Personal information you provide

You may provide personal information to us and our third-party service providers through the Services, when you submit information through our websites, for example by completing an online form, when you apply for or inquire about employment with us, in the course of us providing you with a requested product, service or benefit, or when you e-mail, call, or otherwise communicate with us, including in person. The types of personal information you provide differ depending on how you choose to interact with us, but may include your name, email, phone number, address, and payment card or bank account information, or any other personal information you choose to provide to us.

Information collected automatically

We and our third-party service providers may collect information automatically from you when you access and use the Services. Such information may include personal information and includes the following:

Usage information

We may collect information about how you interact with the Services. This may include information such as the dates and time you visit the Services, the page you view, referring / exit URLS, your browser type, and the domain name of your internet service provider. In some cases, we may collect this information through cookies and similar technologies. To learn more about these technologies, please see the “Device Information, Cookies and Google Analytics” sections below.

Correspondence

SAI360 appreciates your questions and comments about the Services and welcome your messages through our or “Contact Us / Feedback” page. If you correspond with SAI360, we may collect personal information, including the content of, and metadata regarding, any correspondence you may provide us. We may share your messages with those within our organization who are most capable of addressing the issues contained in your message. We may archive your message for a certain period of time or discard it.

How can you ‘Opt-Out’ of promotional correspondence?

To the extent permitted by applicable law, SAI360 or our third party service providers may send you e-mails with promotional offers. If you would no longer like to receive this information from us, please click the unsubscribe link at the bottom of any such e-mail you receive from us and follow the instructions. Your e-mail address will be removed from our marketing list. Please allow us a reasonable amount of time in order to satisfy your request, as some communications may already be in process. You do not have to provide us with any personal information, however if you do not do so we may not be able to provide you with the products, services or benefits you have requested.

Our legal basis for collecting and processing your personal data

We will only collect, use, or disclose your personal information where we have a legal basis for doing so. Typically, this will be:

• where you have provided your consent;
• where we are legally obliged to do so; and
• where it is necessary as part of a contract or transaction between SAI360 and yourself, or between SAI360 and your employer; where it is in our legitimate interest as a supplier of risk management solutions (for example providing you with customer service or protecting the security of our systems).

We use personal information in accordance with applicable laws in the countries/states in which we operate.

How we use the personal information we collect

We will use the personal information we collect for the purpose disclosed at the time of collection, or otherwise as set out in this Privacy Policy. We will not use your personal information for any other purpose without first seeking your consent, or where authorized or required by law.

We will use information collected directly from you for purposes that include:

• to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products, and services that you request from us;
• to the extent permitted, to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
• sending information that you request from us, including responding to inquiries or requests for information about or from SAI360;
• evaluating your qualifications for career positions at SAI360;
• other business purposes, including, without limitation, verifying your identity, age, and/or payment details, investigating complaints about the Services, research and analysis, marketing, advertising, and dispute resolution;
• in connection with a merger or similar consolidation of SAI360 into or with another entity;
• complying with law enforcement, government agencies, or a governmental mandate;
• complying with or as permitted by any SAI360 policies and any applicable legal requirements;
• to notify you about changes to our service;
• to ensure that content from our websites is presented in the most effective manner for you and your computer; and
• engaging in other activities discussed under this Privacy Policy or by SAI360 in its discretion.

In addition, we will use personal information collected about you for purposes that include:

• to administer our websites and for internal operation, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• to improve our websites to ensure that content is presented in the most effective manner for you and for your computer;
• to allow you to participate in interactive features of our service, when you choose to do so or are required to do so by your employer;
• as part of our efforts to keep our websites safe and secure;
• security purposes, including monitoring, risk assessment, addressing integrity and security issues related to the Services, and fraud and crime prevention/detection;
• to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
• to make suggestions and recommendations to you and other users of our websites about goods or services that may interest you or them.

In addition to the uses mentioned or described elsewhere in this Privacy Policy, we may add personal information to our database.

How we store and protect your personal information

We store personal information in a combination of computer storage facilities and other records. We take reasonable measures to secure and protect your personal information from misuse, interference, and loss, and unauthorised access, modification, or disclosure on the Services. Nevertheless, no security system is impenetrable. We cannot guarantee that personal information that users of the Services transmit or otherwise supply will be secure.

Where we provide personal information to third parties, we use contractual measures to protect this information.

Additionally, we take reasonable steps to destroy or permanently de-identify personal information when we no longer need it.

Your consent

We will ask you for your explicit consent before capturing and processing your personal data, in the limited circumstances for which consent is appropriate or required by applicable law. By providing consent you are giving us permission to process your personal data specifically for the purposes identified.

You may withdraw consent at any time by contacting our Data Protection Officer via email: [email protected]

In other cases, our interfaces (e.g., an email footer) will provide an option for withdrawing consent.

Disclosure of your personal data to third parties

We may also disclose all of the categories of personal information that we collect to third parties who work with us in our business to provide, promote or improve the products or services you have requested or are interested in, process payments, perform statistical analysis, protect against potential fraud, or perform any other functions consistent with the operation of the Services, such as:

• our related bodies corporate;
• our affiliated organizations in the countries set out below;
• third-party service providers (such as trainers, auditors, banks, and mortgage rooms);
• national regulators and accreditation bodies;
• marketing agencies;
• consultants and professional advisers in the course of the professional services they render to us;
• analytics and search engine providers that assist us in the improvement and optimization of our websites; or
• service providers who help us manage our relationships with our customers and our marketing channels (such as Salesforce, Adobe, Salesloft and ZoomInfo).

We may disclose your personal information to third parties:

• in the event that we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets; or if we are under a duty to disclose or share your personal information in order to comply with any legal obligation.

We do not, and do not intend to, sell your personal data.

Do we send your information overseas?

Depending on your relationship with us or the type of service we provide to you we may disclose some of your personal information, for the purposes described above, to our international offices. We may also disclose your personal information to other countries specified by you from time to time in order to provide services to you.

Some of these countries may not have the same or substantially similar privacy laws as those set out in this privacy policy.

By providing your personal information to us, you consent to our disclosure of your personal information to organizations in those countries (where relevant or necessary) even though it may not receive the same protections that it would in your own country. You may request us not to transfer your personal information to the countries listed in the Privacy Policy, but if you do so we may not be able to provide the services or products you have requested from us.

Retention of your personal data

Where SAI360 holds and processes your personal information for contractual purposes (e.g. if you have purchased something from us), we will hold and process this data for as long as we are legally obliged to do so. Where you have provided your consent  for us to hold and process your personal information (for example to provide you with updates on relevant products and services we may offer), to the extent permitted by applicable law, we will do so until you ask us not to.

Linked websites

For your convenience, some hyperlinks may be posted on the Services that link to other websites not under our control. We are not responsible for, and this Privacy Policy does not apply to, the privacy practices of those websites or pages not under our control or of any companies that we do not own or control. We do not endorse any of those websites or pages, the services or products described or offered on such sites or pages, or any of the content contained on those sites or pages.

User-provided content

Except as expressly set forth in this Privacy Policy, any information, communications, or material that you submit to the Services is done at your own risk and without any expectation of privacy.

Social media platforms

Any information, communications, or material that you submit to any pages associated with SAI360 on social media platforms is done at your own risk and without any expectation of privacy. All such submissions are subject to the terms of use and privacy policy of such social media platforms.

Children

The Services are intended for a general audience and are not intended for use by children under 13 years of age. We do not knowingly collect information about children or sell products to children. Consistent with the Children’s Online Privacy Protection Act, we will not knowingly collect any information from children under the age of 13.

Your rights as a Data Subject

Depending on your jurisdiction, and subject to applicable data protection laws, you, the Data Subject, may have a number of data protection rights such as: the right of access to your information; the right to delete, restrict/block, object to, amend/update or correct or port your personal information and the right to withdraw your consent for processing. More details regarding these rights are available on any form on this website where you are asked to enter any personal data. If you are using one of our products or services contracted by your employer, please contact your customer representative.

Exercising rights as a Data Subject

If you elect to exercise any of the rights listed above, including access, consent, or withdrawal of your consent for us to process your data, you can do so by contacting our Data Protection Officer using the contact details under Data Subject Requests below. If you are using one of SAI360 Products or Services contracted by your employer, please contact your customer representative. If a third party is involved in the processing of your personal data, we will pass on to them your request arising from the rights listed above, as applicable. Certain data protection laws (like those in Europe and California) make the distinction between those who act as “controllers” or “businesses” and those who act as “processors” or “service providers” of personal data. A controller determines how and why your personal information is to be used. A processor or service provider only processes personal data on behalf of the controller under the controller’s instruction.

For many of our services, our customers are the controller, and we are acting as their processor. It may be up to the controller to make sure you can exercise your rights over your personal data. If you have questions about how personal data is handled by our customers, you will need to review their privacy notices and, if necessary, contact them directly.

Residents of the European Economic Area (“EEA”) and The United Kingdom

This portion of our Privacy Policy applies to our customers in the EEA and the United Kingdom only and applies to the extent of any inconsistency with the information above. All terms not otherwise defined in this section shall have the meanings as defined under applicable data protection laws.

Consent

We will make it clear if we rely on your consent to process your personal data and you are free to withdraw your consent at any time. If you wish to do so, Please contact us as described below in the section titled Data Subject Requests.

Legitimate interest

Another reason we might use your personal data is because we have, or a third party has a legitimate interest in doing so. We do so when responding to your inquiries about our products and services; to provide services and technical support to you; and to enable internal administrative processes, such as account administration.

Retention period

When we no longer need to process your personal data for the purposes described in this Privacy Policy, we will delete your personal data from our systems. We therefore generally retain information when we have an ongoing legitimate business need for the information and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Providing your data

One reason we might use your personal data is because you’ve inquired into entering into a contract with us or you’ve entered into a contract with us, and we need to provide services under that contract. We may not be able to fulfill that contract if you choose not to provide us with your personal data.

Purpose of processing

When we process your personal data, we determine the purpose of the processing and act as a controller. We will primarily process personal data from the EEA and the United Kingdom to offer our products services, process payments, and to provide prospective customers with information about our products, in addition to other purposes set out in this Privacy Policy.

Automated decision making

We do not engage in any automated decision making as a part of our Services.

Your right to rectification

We want our records to be as accurate as possible, so please advise us of any errors and we will make corrections accordingly. Although a difference of opinion or view does not necessarily mean that personal data is inaccurate. If you have a difference of opinion, we will do our best to add that opinion to our records.

Erasure and your right to be forgotten

Please contact us as described below in the section titled Data Subject Requests if you want us to delete your personal data. We will do our best to honor your request, but we may have an obligation to keep records for audit and legal purposes. We may also be able to “Restrict Processing” or delete specific information or a document, which we will do without undue delay, for example, where it has been sent to us in error.

Your right to object to processing

In certain circumstances, you have the right to object to our use of your personal data, such as if we are using your personal data for direct marketing; for our or a third party’s legitimate interests or the public’s interest; or for scientific or historical research and statistics. Please contact us as described below in the section titled Data Subject Requests if you would like us to do so.

Right to restrict processing

Under some circumstances, you may request that we limit how we use your data or “Restrict Processing”. Simply a difference of opinion or view does not necessarily justify a restriction, but we will always consider your opinion. We will always inform you before we lift any restriction.

Your right to access data

You have a right to receive a copy of your personal data from us. If you would like to do so, please contact us as described below in the section titled Data Subject Request and we will advise you of the next steps as soon as possible, and in no more than one month.

Right to data portability

At your request, we are happy to provide your personal data in a machine-readable or “portable” format so you can move it or store it wherever you want, subject to certain limitations. We can also send it to another controller where technically feasible. If you would like to do so, please contact us as described below in the section titled Data Subject Requests and we will advise you of the next steps.

Right to complain

If you have a complaint about how SAI360 uses your personal data, we hope that in the first instance you will contact us, and we will promptly address your concern.  However, you can always file a complaint with the supervisory authority in your jurisdiction.  For more information, please contact your local data protection authority (contact details for data protection authorities in the EEA are available at https://edpb.europa.eu/about-edpb/board/members_en; and contact details for the data protection authority in the UK are available at https://ico.org.uk/.

Charges/fees

We do not charge you a fee for exercising any of your rights described above.

Data Subject Requests

SAI360 Inc. may in the course of its business collect and process personal data from our customers and other individuals we interact with (Data Subjects). How we treat the personal data that we collect, use, and disclose is set out in our Privacy Statement Privacy Policy. If you would like to exercise any of your rights as a Data Subject, please contact our Data Protection Officer via email: [email protected]

Complaints

In the event that you wish to make a complaint about how your personal data is being processed by SAI360 (or third parties as described above), or how your complaint has been handled, you have the right to lodge a complaint directly our Data Protection Officer via email: [email protected]

You can also lodge a complaint with a Supervisory Authority or other applicable  regulator, depending in your jurisdiction. A list of EU competent national supervisory authorities is available from: https://edpb.europa.eu/about-edpb/about-edpb/members_en

SAI360’s lead authorities are listed below:

Data Protection Commission

21 Fitzwilliam Square

D02 RD28 Dublin 2

Website: http://www.dataprotection.ie/

Email: [email protected]

Tel. +353 76 110 4800

United Kingdom

Information Commissioner’s Office

Wycliffe House

Water Lane Wilmslow, Cheshire, SK8 5AF

United Kingdom

Website:  www.ico.org.uk/global/contact-us Email: [email protected]

Tel: +44 303 123 1113

Definitions

“Data Subject” refers to any individual person who can be identified, directly or indirectly, via an identifier such as a name, an ID number, location data, or via factors specific to the person’s physical, physiological, genetic, mental, economic, cultural, or social identity.

“Personal Data” (Personal Information) means any information relating to an identified or identifiable natural person (Data Subject).

California residents’ privacy rights

This portion of our Privacy Policy advises California residents of rights provided in the California Consumer Privacy Act (the “CCPA”), (as amended by the California Privacy Rights Act (the “CPRA”), effective January 1, 2023) and how California residents may exercise those rights. The CCPA currently exempts personal information reflecting a written or verbal business-to-business communication (“B2B Personal Information”) from certain of the law’s requirements, and also currently exempts personal information collected and used about a natural person acting as a business’s employee or contractor (“Personnel Information”). The rights described below may not apply to B2B Personal Information or Personnel Information.

If you are a California resident, you may request certain information from or certain action by us, such as exercising the access and deletion rights described below, or you may authorize an agent to make such a request on your behalf. We will seek to verify your identity and your agent’s authority when we receive an individual rights request from you or on your behalf to ensure the security of your personal information and may need to collect additional personal information to do so.

Please direct any such rights requests (as further described below) or additional questions that you may have regarding this Privacy Policy please contact us as described below in the section titled Contact information.

California residents have the right to request the deletion of personal information, but we may not delete some or all personal information, as required or permitted by applicable law, such as if the requested information is necessary to:

• complete your transaction;
• provide you with a good or service;
• perform a contract between us and you;
• protect your security and prosecute those responsible for breaching it;
• fix our Services in the case of a bug;
• protect the free speech rights of you or other users;
• protect the free speech rights of you or other users;
• comply with a legal obligation; or
• make other internal and lawful uses of the information that are compatible with the context in which you provided it.

If you are a California resident, you may also request to receive details about how we collect, use, and share your personal information. You may also request to receive the specific pieces of personal information that we have collected about you.

If a business sells personal information, you have a right to opt-out of that sale. We do not, and do not intend to, sell the personal information of California residents and, furthermore, do not have actual knowledge that we sell the personal information of consumers under 16 years old.

Businesses may not, and we do not, discriminate against you for exercising your CCPA (CPRA) rights, such as the access and deletion rights described above.

Contact information

Please direct any rights requests (as described above) or additional questions that you may have regarding this Privacy Policy to our Data Protection Officer via email: [email protected]

Residents of Australia

This portion of our Privacy Policy applies to our Australian customers only and, applies to the extent of any inconsistency with the information above.

This section explains how we handle personal information relating to individuals who are Australian customers, so as to ensure we meet any obligations under the Australian Privacy Act.

In this section, “personal information”, is defined in the Australian Privacy Act, and means information or an opinion about an identified individual, or an individual who is reasonably  identifiable, whether the information or opinion is true or not, or recorded in a material form or not. Personal information includes a person’s name, address, contact details, date of birth, gender, sexuality, and race.

By electing to acquire our Services, you will be deemed to consent to us using your personal information in a manner consistent with this Privacy Policy, including monitoring your use of our website.

We retain the personal information that we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with the Services you requested or to comply with an applicable legal requirement).

Direct marketing

We will not use or disclose personal information for the purposes of direct marketing to you unless:

• you have consented to receive direct marketing materials; or
• you would reasonably expect us to use your personal details for this purpose; or
• we believe you may be interested in the material, but it is impractical for us to obtain your consent.

In every instance, we will ensure that our direct marketing material incorporates an option for you to elect to receive no further such communications.

Please note also that even if you have requested not to receive further direct marketing communications, we may nevertheless continue to provide you with information about changes to our terms and conditions for the supply of goods or services, questionnaires, and other factual information. This form of communication is not regarded as “direct marketing” under the Australian Privacy Act.

Overseas disclosure

Personal information may be sent outside of Australia to our related bodies corporate, as permitted by the Australian Privacy Act, which are located in the United States of America. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach our privacy obligations relating to your personal information. However, you should note that United States jurisdictions may not offer the same level of statutory privacy protection for personal information as Australia does. By providing your personal information to us, you consent to our disclosure of your personal information to these entities.

Access, correction, and further Information

We will take such steps as are reasonable to ensure that the personal information which we collect remains accurate, up to date and complete.

You may request access to any personal information we hold about you at any time by contacting to our Data Protection Officer via email: [email protected]

Upon such request we will endeavor to provide you with access to your personal information held by us unless we are permitted under the Australian Privacy Act to refuse to provide you with such access. Please contact us if you:

• wish to have access to the personal information which we hold about you;
• consider that the personal information which we hold about you is not accurate, complete, or up to date; or
• require further information on our personal information handling practices.

There is no charge for requesting access to your personal information, but we may require you to meet our reasonable costs in actually providing you with access.

If you consider that the information which we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, we will take reasonable steps, consistent with our obligations under the Australian Privacy Act, to correct that information if you so request.

We will respond to all requests for access and/or correction within a reasonable time.

Complaints

If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal information, you should send to our Data Protection Officer via email: [email protected]

If you remain unsatisfied with the way in which we have handled a privacy issue, we suggest you approach an independent advisor or contact the Office of the Australian Information Commissioner for guidance on alternative courses of action which may be available. We will provide our full cooperation in the event that you elect to pursue this course of action.