PRIVACY

Cookies Policy

Last updated on August 31, 2020

1. INTRODUCTION

This Cookie Policy describes how Strategic Risk Associates and its subsidiaries (collectively, “SRA”, “us”, “we”, “our”) use cookies, beacons, pixels and other similar means. By using our website (www.SRARISK.com), and any web-pages included thereto (collectively: the “Website”) and related Services, you agree to our use of the means described below.

While you may visit our Website or otherwise use the Services without telling us who you are or revealing any Personal Data [Client to confirm], please note that our server logs capture information regarding your operating system, browser type, IP (Internet Protocol), URL clickstream through, and from our Website, including date and time.

We apply the following means to automatically collect data (including Personal Data) from you:

Personal Analytics information.

We may directly collect analytics data, or use third-party analytics tools, to help us measure your usage trends for the Services. These tools collect information sent by your browser or mobile device, including data on your traffic on our Services.  If we do engage in such collection or use, we will collect and use this analytics information to provide you a more customized experience on our Services, such as serving you curated newsletters, recommended content, or marketing material.

Tracking Information

We use or may use cookies, log file, location data and clear gifs information to: (a) remember information so that you will not have to re-enter it during your visit or the next time you visit the site; (b) provide custom, personalized content and information; (c) provide and monitor the effectiveness of our Services; (d) monitor aggregate metrics such as total number of visitors, traffic, and demographic patterns; (e) diagnose or fix technology problems; (f) help you efficiently access your information after you sign in; (g) automatically update the App (when and if available); and (h) use aggregate metrics to help market our Services or products.

Anonymized Analytics information

We may directly collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends for the Services. These tools collect information sent by your browser or mobile device, including the pages you visit and other information that assists us in improving the Services.

Third Party Data

We also may use the technologies listed herein to collect information about your activities over time and across third-party websites, apps or other online services (behavioral tracking).

Log file information

Log file information is automatically reported by your browser or mobile device each time you access the Services. When you use our Services, our servers automatically record certain log file information. These server logs may include anonymous information such as your web request, Internet Protocol (“IP”) address, browser type, referring / exit pages and URLs, number of clicks and how you interact with links on the Service, domain names, landing pages, pages viewed, and other such information.

Location data

If you choose to provide us with such information by allowing us access to your location data through the Service's functionality, when you access the Service, we may access, collect, monitor and/or remotely store “location data,” which may include GPS coordinates (e.g. latitude and/or longitude) or similar information regarding the location of your device. Location data may convey to us information about how you browse and use the Services. Some features of the Services, particularly location-based services, may not function properly if use or availability of location data is impaired or disabled.

2. Cookies Pixels and beacons

What are Cookies?:

Cookies are small data files downloaded and stored on your device while browsing a website, often used to keep record of actions taken on such website or track related browsing activity. For additional information regarding Cookies and the way to control them, please check out the Help file of your browser or visit http://www.aboutcookies.org.

Cookies information

When you visit the Service, we or our analytics providers may send one or more cookies (a small text file containing a string of alphanumeric characters) to your computer that uniquely identifies your browser and lets SRA help you log in faster and enhance your navigation through the Services. A cookie may also convey information to us about how you use the Services (e.g., the pages you view, the links you click and other actions you take on the Services), and allow us to track your usage of the Services over time. A persistent cookie remains on your hard drive after you close your browser. Persistent cookies may be used by your browser on subsequent visits to the site. Persistent cookies can be removed by following your web browser's directions. A session cookie is temporary and disappears after you close your browser.

Cookie opt-out

We do not respond to “Do Not Track” (DNT) signals. However, some third party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, your browser may allow you to set the DNT signal on your browser so that third parties (particularly advertisers) know you do not want to be tracked. You may elect to opt-out from enabling Cookies: (a) in the browser’s settings tools, usually by choosing between several options offered by the browser (some browsers (for example, Google Chrome®) allow blocking Cookies from a specific website, and respectively you may choose to block applicable Cookies); or (b) by rejecting the popup message requesting your consent of SRA use of such Cookies at your new browsing session of the domain. Please refer to your mobile device or browser's technical information for instructions on how to delete and disable cookies, and other tracking/recording tools. Please note that it may not be possible to delete or disable tracking mechanisms, depending on your type of mobile device. Note that disabling cookies and/or other tracking tools prevents SRA or its analytics providers from tracking your browser's activities in relation to the Services. However, doing so may disable many of the features available through the Services.

What are pixels and beacons?

Pixels, beacons and clear codes are codes that trigger the use of Cookies by us or third parties on our Website.

Clear gifs/web beacons information

When you use the Service, we or our analytics providers may employ clear gifs (also known as web beacons) which are used to anonymously track the online usage patterns of our users. In addition, we may also use clear gifs in HTML-based emails sent to our users to track which emails are opened and which links are clicked by recipients. The information allows for more accurate reporting and improvement of the Service.

3. Details

We use pixels from LinkedIn and Facebook to track visitors to our site and serve them ads using customary retargeting methods.

We also use standard browser Cookies, which are stored on your browser application, computer or other device.  These Cookies do not store any Personal Data and are used only to verify that the user is logged in. They are deleted when you close your browser.

4. Consent

By using the Website and/or otherwise engaging any of the Services, you understand that we may place Cookies on your computer, including analytical cookies, in accordance with the terms of this Cookies Policy, for such purposes described under our Privacy Notice.

5. Changes and Updates

We may change this Cookie Policy from time to time. Please take a look at the “Last Updated” legend at the top of this page to see when this Cookie Policy was last revised.

Any changes to this Cookie Policy will become effective when we post the revised Cookie Policy on the Website. Your use of the Website following these changes means that you accept the revised Cookie Policy.

If you have any questions about opting out of the collection of cookies and other tracking/recording tools, you can contact us directly at privacy@SRArisk.com.

Privacy Notice

Last Revised: August 31, 2020

Welcome to SRA, the online and mobile service of Strategic Risk Associates (“SRA,” “we,” or “us”). Our Privacy Notice explains how we collect, retain, process, and use, disclose, and protect your data that applies to our Service (as defined under our Terms of Use [add link], and your choices about the collection and use of your Personal Data.

Capitalized terms that are not defined in this Privacy Notice have the meaning given them in our Terms of Use.

Please read this Privacy Notice carefully to understand our policies and practices regarding your data (including Personal Data, as prescribed below) and how we will treat it.

We will collect and process your Personal Data as described in this Privacy Notice. Where applicable, we will obtain your opt-in consent for such purpose.

However, with respect to Personal Data which we collect for certain purposes reflecting our legitimate interests and/or non-Personal Data, your browsing of the Website and/or use of the Services, will be deemed as your consent, which you may opt-out from by deleting your Account. Thus, if you do not agree with our policies and practices, do not access, register with or use any of the Services (and if applicable, delete your Account).

This Privacy Notice may change from time to time (see Changes to Our Privacy Notice). Your continued use of the Services after we make changes to this Privacy Notice is deemed to be acceptance of those changes, so please check this Privacy Notice periodically for updates. However, where such changes require your opt-in consent in our opinion, we will act to obtain such consent.

In the event that you make available any personal data other than your own within the course of the Services (including by any communication means) to us and/or any other entity, then you will be solely responsible for obtaining all consents and approvals from the respective data subjects, and further for having them acknowledge this Privacy Notice.

What Data we Collect and How we Use It

Upon registration with the Services, a User profile is developed to further customize your experience. We collect personally identifiable information (the "Personal Data") you actively enter onto our online forms during registration or while using the Services as well as certain non-personal or de-identified data, as described below.

We collect the following types of data about you:

Data you provide us directly: When you register on, or otherwise use the Services, we may collect the following Personal Data you provide via forms, surveys, applications or other online fields: [NTD- list must be exhaustive for GDPR purposes]

Email

Password

First and Last Name

Date of Birth

Gender

Phone Number

Address and Zip Code

Telephone, fax and mobile numbers

User account photo

Billing information and other financial information

Communications or correspondence related to our Services, which might contain Personal Data

We use this data (including Personal Data) to operate, maintain, and provide to you the features and functionality of the Services, , and for compliance with applicable law (including any potential legal dispute) .

We will also use this data to send you a text message or an email to confirm your registration with us.

Data we may receive from third parties:  In some cases, we may receive data about you from third party(ies) such as social media channels or third party(ies) who used our Services to invite you. For example, if you access our Site or Services through a third-party connection or log-in like Facebook Connect, by “following,” “liking,” adding the SRA application, linking your account to the Service, etc., that third party may pass certain data about your use of its service to SRA.  This data could include, but is not limited to, the user ID associated with your account (for example, your Facebook UID), an access token necessary to access that service, any data that you have permitted the third party to share with us, and any data you have made public in connection with that service.  In addition, we may collect and use certain kinds of publicly-available data about you from social media sites, including number of followers, number of likes or number of posts.  If you allow us access to your friends list, your friends' user IDs, and your connection to those friends, we may use and store this data to make your experience more social, and to allow you to invite your friends to use our Services as well as provide you with updates if and when your friends join SRA. You should always review, and if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our Services. You may also unlink your third party account from the Services by adjusting your settings on the third party service. If you unlink your third party account, we will remove the data collected about you in connection with that service.

Inviting a friend to use SRA through use of the Service: If you choose to allow SRA to access your contacts, and you message those contacts through use of our Services, SRA may invite such third party contact to the Services by email or text message — but we do not require that you import your contacts list to the Service, and we do not retain the data contained in your contacts list. You understand that by inviting a friend to SRA, you are directly sending a text or email from your account and that we are not storing your contact list. In addition, you understand and agree that normal carrier charges may apply to communications sent from your phone. Since this invitation is coming directly from you, we do not have access to or control this communication. [NTD- This might be an issue in terms of local laws of other jurisdictions in terms of anti-spam rules]

Data automatically collected or generated: When you visit, interact with or use our Website and/or otherwise use our Services, including any e-mail sent to you by us, we may collect or generate technical data about you. We collect or generate such data either independently or with the help of third party services, including through the use of cookies, beacons, pixels and other tracking technologies (as further detailed in our "cookies policy" [add link]).

Such data consists of connectivity, technical or aggregated usage data, such as IP address, non-identifying data regarding the device, operating system, browser version locale and language settings used, the cookies, beacons, and pixels installed on such device, and the activity (clicks and other interactions) of users of our Website and/or other Services.

We do not use such data to learn a person's true identity or contact details, but mostly to have a better understanding on how our users typically use browse our Website. The use of such technical and device data also helps us and our partners to deliver contextual or otherwise more effective advertisements and content; to optimize our ad management and our users' viewing experience, and to improve the overall user experience and functionality of our Website.

Please refer to our Cookies Policy to better learn what type of data (including Personal Data) we collect via these means, and the manner in which we use such data.

Marketing and service communications: We use the data we collect or receive to communicate directly with you. We may send you emails containing newsletters, promotions and special offers, without sharing your Personal Data with third parties. If you do not want to receive such email messages, you will be given the option to opt out or change your preferences. We also use your data to send you Service-related emails (e.g., account verification, purchase and billing confirmations and reminders, changes/updates to features of the Service, technical and security notices). You may not opt out of Service-related e-mails.

Sharing of Your Data

We will not rent or sell your data to third parties outside SRA and its group companies (including any parent, subsidiaries and affiliates) without your consent, except as noted below:

Who we may share your data with: We may share your data with third-party service providers for the purpose of providing the Services to you. This sharing is necessary to provide you access and use of the Services and such service providers will be given limited access to your data as is reasonably necessary to deliver the Services and will not sell or otherwise impermissibly disclose your data.  In some cases we may collect or share your data with third-party business partners for the purpose of providing you a more customized experience on our Services or to serve marketing material of such business partner.  If we engage in such collection or use, we will provide you the opportunity to opt-out of such sharing with business partners at the time of collection or use.

The current third party service providers that have access to your Personal Data are as follows:

Facebook and Linkedin for pixel and retargeting purposes/ Google for website performance tracking. Campaign Monitor for list building.

What happens in the event of a change of control: We may buy or sell/divest/transfer the company (including any equity interests in the company), or any combination of its products, services, assets and/or businesses. The data you provide to us or we collect from you may be among the items sold or otherwise transferred in these types of transactions. We may also sell, assign or otherwise transfer such data in the course of corporate divestitures, mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, similar transactions or proceedings involving all or a portion of the company.

Instances where we are required to share your data: SRA will disclose your data where required to do so by law or subpoena or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) to enforce our Terms of Use or to protect the security or integrity of our Services; and/or (c) to exercise or protect the rights, property, or personal safety of SRA, our Users or others.

Sharing certain non-personal data we collect about you: We may also aggregate or otherwise strip data of all personally identifying characteristics and may share that aggregated, anonymized data with third parties.

Storage and Processing: Your data collected through the Services may be stored and processed in the United States or any other country in which SRA or its subsidiaries, affiliates or service providers maintain facilities. While privacy laws may vary between jurisdictions, SRA has taken reasonable steps to ensure that your Personal Data is treated in a secure and lawful manner and in accordance with common industry practices, regardless of any lesser legal requirements that may apply in other applicable jurisdictions. Thus, while SRA may transfer information that we collect about you, including Personal Data, to affiliated entities, or to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world, if you are located in the European Union, please note that SRA will only transfer your Personal Data to a country and jurisdiction that has at least the same data protection laws as your jurisdiction and/or as otherwise permitted under the GDPR.

Keeping your data safe: SRA cares about the security of your data, and uses commercially reasonable safeguards to preserve the integrity and security of all data collected through the Service. To protect your privacy and security, we take reasonable steps (such as two-step authentication) to verify your identity before granting you initial access to your account. You are responsible for any use of the Services on your account, whether by you or a third party, as well as for controlling access to your email communications from SRA, at all times. However, SRA cannot ensure or warrant the security of any data you transmit to SRA or guarantee that data on the Services may not be accessed, disclosed, altered, or destroyed. Your privacy settings may also be affected by changes to the functionality of third party sites and services that you add to the SRA Service, such as social networks. SRA is not responsible for the functionality or security measures of any third party. [NTD- under GDPR requirements, adequate security means should be applied, depending on the type of personal data collected / stored. If SRA collects sensitive data such as billing information etc., then it should verify, for example, that 2 step authentication is actually considered adequate in this case]

Compromise of data: In the event that any data under our control is compromised as a result of a breach of security, SRA will take reasonable steps to investigate the situation and where appropriate, notify those individuals whose data may have been compromised and take other steps, in accordance with any applicable laws and regulations.

How long we keep your personal data: Generally, we retain your Personal Data for a period of 36 months from date of the date in which the respective Personal Data was collected. However, (i) we retain your Personal Data pertaining to your name, Account, contact information (including email), so long as your account is not deactivated; (ii) we may retain your Personal Data (including such Personal Data specified un subsection (i) above), for a longer period for accounting, archival, audit and legal purposes (i.e., as required by laws applicable to our record and bookkeeping, and in order to have proof and evidence concerning our relationship or any claims related thereto, should any legal issues arise). [NTD- GDPR best practice is to have a data retention policy which describes what type of personal data is retained for which period, and the reasoning for such decision]

Your Choices about Your Data

You control your account information and settings: You may update your account data and email-communication preferences at any time by accessing your account and changing your profile settings. You can also stop receiving promotional email communications from us, if any, by clicking on the “unsubscribe link” provided in such communications. We make every effort to promptly process all unsubscribe requests. As noted above, you may not opt out of Service-related communications (e.g., account verification, changes/updates to features of the Service, technical and security notices). If you have any questions about reviewing or modifying your account data, you can contact us directly at privacy@SRArisk.com

Your Rights Regarding Your Personal Data Under GDPR and Applicable Law

You may have certain rights regarding the manner of collection, processing, and usage of your Personal Data pursuant to applicable privacy laws (such as the EU GDPR). Under the GDPR (to the extent it applies to you) you may be eligible for the following rights:

The right to have your Personal Data deleted: however, please note that we may limit this right in the event we are required to retain such Personal Data in order for us to comply with any legal obligation, or in the event that we believe that we require, or may require in the future, to use such Personal Date is required, for the purpose of exercising of a legal defense.

The right to access the Personal Data that we collect and process.

The right to rectify untrue or incorrect Personal Data.

The right to object to us processing your Personal Data: however, in case you object to our processing of any Personal Data which we require to reasonably provide you with any services and/or otherwise make the Services available to you, you will not be able to use such Services; or, your use of the Services might be limited.

The right to have your Personal Data exported at your request: which we will make efforts to comply with within a reasonable time and provide you with such compiled data through an electronic medium of our choice.

The right to lodge a formal complaint with the EU supervisory authority: if you believe that any of your rights under the GDPR were breached.

Please note that the above list contains a summary of the main rights you may have under the GDPR. Under no circumstances shall the above be deemed as an exhaustive list.

Children's Privacy

SRA does not knowingly collect or solicit any information from anyone under the age of 16 or knowingly allow such persons to register as Users. The Services and its content are not directed at children under the age of 16. In the event that we learn that we have collected personal information from a child under age 16 without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 16, please contact us at privacy@SRArisk.com

Links to Other Web Sites and Services

We are not responsible for the practices employed by websites or services linked to or from the Services, including the data or content contained therein or sent to you in a message from any third party that contacts you through use of the Services. Please remember that when you use a link to go from the Services to another website, our Privacy Policy does not apply to third-party websites or services. Your browsing and interaction on any third-party website or service, including those that have a link on our website or through our Services, are subject to that third party's own rules and policies. This Privacy Policy does not apply to data we collect by other means (including offline) or from other sources other than through the Services.

How to Contact Us

If you have any questions about this Privacy Notice or the Service, or in the event that you wish to exercise your rights with respect to your Personal Data, please contact us at privacy@SRArisk.com