Effective Date: February 04, 2022
1. Purpose and Scope.
(collectively referred to as “Copado”) and covers the services we provide to you, our sales and marketing activities, and related activities. We refer to personal data and information in this Policy as “personal data”. We refer to our products and services in this Policy collectively as the “Services”. This Policy applies the Services and to related activities such as those described below:
Managing your account and relationship we have with you as a Copado customer;
Direct sales, advertising and marketing activities that we may provide to you;
Sales and marketing activities from our authorized partners, including Copado resellers, platform partners, distributors, and third-party marketplaces;
Your participation in a Copado training or certification programs;
Your attendance or participation in Copado or partner events;
Providing our Services and products to you as a Customer;
Your visits and use of our websites.
2. Copado can be both a processer and a controller of personal data.
Under the General Data Protection Regulation of the European Union (the “GDPR”) and other similar data protection laws, we may either be defined as a controller or a processor of personal data. When Copado provides its Services to you and personal data is involved, Copado generally acts as a “processor” of personal data, because Copado processes the personal data as part of the Service and at your direction. When acting as processer, Copado handles your personal data solely on your instructions, unless legally required to do otherwise. Under different circumstances, such as our direct marketing activities, Copado is considered a “controller” of your personal data if Copado determines how that data will be handled.
3. Categories of personal data and Information that we collect. We may collect, store, and use personal data in the following categories:
Contact information such as name, email address, phone number, title, professional details, and employer’s name.Information about our users’ experiences with products, services, events, webinars, promotions, and online forums and communities.
Contact information derived from your interactions with us, such as with our customer support team.
Contact Information about prospective customers collected from our events, promotions, trade shows,
Payment information for purchases with Copado.
Audio and visual information, such recordings of some calls, meetings and events.
Additional details about certification candidates.
Other personal data collected in connection with our Services.
4. How we collect personal data.
As it relates to the Services, personal data may be obtained directly from you or your employer. We also may
receive personal data from our partners (which include resellers and distributors); third-party marketplaces
where our products are offered (such as the salesforce.com app exchange); data brokers (such as Dun &
Bradstreet); marketing companies; interactions with our website; referrals from other customers and users;
publicly available sources such as company websites and LinkedIn. Copado collects certain categories
personal data when you visit our website.
5. How we use and share personal data.
Copado uses and shares personal data for the following purposes:
To analyze, improve, and develop Copado products and Services.
To provide our products, Services, events, websites, communities, training, and other business
To process payments.
To manage our relationships with customers, partners, resellers, distributors, event attendees,
investors, and others (which may involve sharing personal data with them).
For marketing, promotions, advertising, and other communications (including customizing those
communications for specific recipients).
To provide a third party (such as an employer) with confirmation or denial of an individual’s claimed
For surveys and other market research.
For security, IT management, and related research.
For evaluation and consideration of job applicants.
To enforce the legal terms that govern our business and commercial relationships (for example, we
may share personal information with the opposing party, judge or arbitrator in a dispute).
To provide security and business continuity.
To follow the law, or in other cases where we believe that using or disclosing the data is appropriate to
protect the rights, safety, and property of Copado or others (for example, when required to make
disclosures in response to lawful requests by public authorities, such as to meet national security or
law enforcement requirements).
For an actual or contemplated business sale, merger, consolidation, change in control, transfer of
substantial assets, or reorganization, or due diligence in anticipation of such an event (for example, if a
company were to acquire Copado, it may also acquire the personal data we hold).
For other purposes requested or permitted by our customers or users.
For those purposes, we may share personal data with the following categories of third parties, for example:
Our affiliated entities;
third parties that assist us, such as our partners, event providers, payment processors, marketing providers, testing providers, analytics providers, providers of technical services (e.g., providers of data
storage, data backup, and CRM systems), and other vendors or subcontractors;
joint marketing partners;
employers and others who seek verification of an individual’s claimed certification status;
entities involved in dispute resolution (such as an arbitrator or an opposing party);
entities involved in potential or actual significant corporate transactions or events (such as those described in the second-to-last item in the list of uses and disclosures above); and
These uses and disclosures are also subject to our contractual obligations.
6. What is the legal basis that applies to our use of personal data?
The laws in some jurisdictions require data controllers to tell you about the legal grounds that allow them to use or disclose your personal data. Where those laws apply, our legal grounds are:
Legitimate Business Interests: We handle personal data because it furthers the legitimate business interests of Copado (or of our customers, business partners, or suppliers) in the activities we engage into run our business and provide you with Services, including those listed below, and because that handling of data does not unduly impact your interests, rights, and freedoms:
Providing cybersecurity and managing information technology assets;
Protecting business activities, individuals, and property;
Providing customer service;
Assessing employment candidates;
Marketing and advertising (including sending certain direct marketing);
Analyzing and improving business activities;
Managing risks and legal issues.
To perform contractual commitments: Some of our handling of personal data is necessary to meet our contractual obligations to individuals, or to take steps at the person’s request because we are planning to enter into a contract with him/her. For example, when we process an individual’s payment data for
a certification examination, we are relying on this basis.
If the law requires consent, and in some other cases, we handle personal data on the basis of consent. For example, we conduct some of our direct marketing on the basis of consent.
If the law requires explicit consent, we use personal data on that basis.
If the law allows, we may be able to infer consent from the circumstances.
Legal compliance: We sometimes need to use and disclose personal data to comply with our legal obligations.
Legal claims: Sometimes we use or disclose personal data because it is necessary to establish, exercise, or defend legal claims.
7. What Personal Data rights and choices (including direct marketing opt-out) are available?
We offer the options below for exercising your rights and choices about how we use your personal data. Many of these are subject to important limits or exceptions under applicable laws.
You may review and update certain information by logging into the relevant Copado websites or online services.
The law of your jurisdiction (for example, within the United Kingdom, Switzerland and European Economic Area (“EU”) may give you additional rights to request access to, correction of, or deletion of certain personal data we store. In some cases, you may be entitled to receive a copy of the personal data you provided to us in portable form or to request that we share it with a third party. The law may also give you the right to request restrictions on the use of your personal data, to object to our use of your personal data, or to withdraw your consent to use your personal data (which will not affect the legality of any processing that happened before your request takes effect). Section 15 below explains how to make these requests.
For example, people who live in the United Kingdom or EU (and certain other people) have the right to opt out of our use of personal data for direct marketing. They can exercise their rights to opt out, or to object to other processing, by contacting us as described below.
If you are located in the United Kingdom, EU or Switzerland and you have a data privacy or data use concern that you feel has not been fully addressed, you have the right to contact the relevant UK or EU data protection authority or the Swiss Federal Data Protection and Information Commissioner, as applicable.
Our marketing email messages, and certain other communications include instructions about how to unsubscribe, which you can use to limit or stop those communications. Opt-out processes may take some time to complete, but we will work to meet your request as quickly as possible. You cannot opt out of certain communications (such as account related or billing related communications.)
You can exercise opt-out rights, object, or withdraw consent in relation to our use of certain cookies
and certain similar technologies as described in Section 9 below.
For information about Californians’ privacy rights under California law, please see Section 13 below.
You may contact us with any concerns or complaints regarding our privacy practices, and you also may submit a complaint to the relevant governmental authority. For your protection, we will only implement requests with respect to personal data after we have verified your identity to our satisfaction, taking into consideration the nature of your request.
8. Does the personal data go to other countries?
to recognize the devices,
to improve your use of our website and services,
to prevent fraud,
to provide services, and for record-keeping, analytics, and marketing.
This information may include unique browser identifiers, IP address, browser and operating system information, device identifiers (such as the Apple IDFA or Android Advertising ID), geolocation, other device information, Internet connection information, as well as details about your interactions with our apps, websites, and emails (for example, the URL of the third-party website from which you came, the pages on our website that you visit, and the links you click on in our websites). We use third party tools, such as Google Analytics, Hotjar, and G2 Crowd, to obtain information on how visitors are interacting with our Services. These tools collect information about the performance of our site and how visitors navigate around and interact with our web pages, which allows us to evaluate and further improve or optimize our web pages. For more information on these third party tools, please click here:
more information and more about Hotjar's data processing, please
G2 Crowd - https://www.g2.com/static/privacy.
We and third parties may use these automated means to read or write information on your devices, such as in various types of cookies and other browser-based or plugin-based local storage (such as HTML5 storage or Flash-based storage), or to collect pieces of information that together may uniquely identify your device.
These technologies help us:
Keep track of whether you are signed in or have previously signed in so that we can display all the features that are available to you.
Remember your settings on the pages you visit so that we can display your preferred content the next time you visit.
Display personalized content.
Perform analytics, measure traffic and usage trends, and better understand the demographics of our users.
Diagnose and fix technology problems.
Plan for and enhance our business.
Also, in some cases, we assist with the collection of information by advertising services provided by third parties. The ad services may track your online activities over time by collecting information through automated means such as cookies, and they may use this information to show you ads that are tailored to your individual
interests or characteristics and/or based on your prior visits to certain sites or apps, or other information we or they know, infer, or have collected from the users like you.
For example, we and these services may use different types of cookies, other automated technology, and data
Recognize users and their devices.
Inform, optimize, and serve ads.
Report on our ad impressions, other uses of ad services, and interactions with these ad impressions and ad services (including how they are related to visits to specific sites or apps).
Please visit your mobile device manufacturer’s website (or the website for its operating system) for instructions on any additional privacy controls in your mobile operating system, such as privacy settings for device identifiers and geolocation. Please note, however, that we do not respond to browser-based privacy
signals (such as do-not-track) at this time.
8. How long does Copado store personal data?
9. How do we provide security for personal data that we handle and store?
Copado takes the security of data seriously and although we cannot guarantee that data that we collect can be protected from all possible threats, Copado has put in place physical, technical, and administrative safeguards designed to protect your data.
10. How do we handle information that is not personal data?
Our use and disclosure of non-personal data is not subject to this Policy, however, if you or your employer has entered into a contract or non-disclosure agreement with us, confidential non-personal data will always be protected from disclosure as provided for in the applicable agreements. If applicable law and our contractual
obligations allow, we may aggregate or de-identify your personal data so that the information cannot be linked to you. Our standard terms and conditions contain typical confidentiality terms and may be viewed on our website here: https://www.copado.com/company-legal-agreements/
11. Other Web Sites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over other websites. Therefore, we cannot be responsible for the protection of any information provided while visiting such websites, and such websites are
12. Children's Privacy
We do not knowingly collect personal data from children under the age of 18. By accessing our website or
initiating any communication with us, you represent that you are at least 18 years old.
13. YOUR RIGHTS UNDER DATA PRIVACY LAWS.
The California Consumer Privacy Act (“CCPA”), GDPR, and other data privacy laws may provide additional
rights to residents of applicable jurisdictions regarding information collection and use practices.
13.1 Categories of personal information collected.
We identify below the categories of personal information that we have collected about our users in the last 12 months:
Customer Records Information
Internet or Other Electronic Network Activity Information
Professional or Employment-related Information
For more detail on the information we collect, including the sources we receive information from and the categories of third parties with whom it is shared, please refer to our Information Collection Practices above. We collect and use these categories of personal information for the business purposes described in the
Information Collection Practices section above.
13.2 Categories of personal information shared.
We identify below the categories of personal information that we have provided to our partners for a business
purpose in the last 12 months:
Customer Records Information
Internet or Other Electronic Network Activity Information
Professional or Employment-related Information
Copado does not sell personal information to any third party for monetary consideration, and has not sold Personal Information in the past 12 months.
13.3 Rights of data subjects.
Residents of California, the European Union, and other jurisdictions may be entitled to the following rights under the applicable law. To exercise any of the rights, please submit a request to the email address or call our toll-free number set forth in Section 13. In the request, please specify which right you are seeking to exercise
and the scope of the request. We will confirm receipt of your request within 10 days. We may require specific
information from you to help us verify your identity and process your request. If we are unable to verify your
identity or process your request for legal or archival reasons, we may deny your requests and will inform you
of our reason for doing so.
A. Right to Know. You have the right to know certain details about our data practices in the past 12
months. In particular, you may request the following from us:
The categories of personal information we have collected about you;
The categories of sources from which the personal information was collected;
The categories of personal information about you we disclosed for a business purpose or sold;
The categories of third parties to whom the personal information was disclosed for a business purpose
The business or commercial purpose for collecting or selling the personal information; and
B. Right to Access, You have the right to review or obtain a copy of the specific categories of personal information we have collected about you.
C. Right to Delete. You have the right to request that we delete the personal information we have collected from you. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your request to delete. Please note that your right to deletion of Personal Information is subject to certain exceptions by law.
If you submit a request for deletion and we retain any Personal Information under one or more of these exceptions, we will explain this to you in our response.
D. Right to Non-discrimination. You have the right not to receive discriminatory treatment by us for exercising any of your rights.
E. Authorized Agent You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.
15. How to contact us.
If you have any questions or wish to exercise your rights under the GDPR, the CCPA, or other applicable privacy laws, you may send notice by email to Copado at privacy@Copado.com or if you are in the United
States you may call our toll free telephone number: 1-(888) 210-4282. You may also send a written notice to us at one of the following addresses:
Attn: Legal Dept.
20 W. Kinzie Street, Chicago IL 60654
Copado Netherlands B.V.
Attn: Legal Dept.
Barbara Strozzilaan 201, 1083 HN Amsterdam