Much of the data that Civis processes comes from our clients and from various public sources. Our clients’ data is the sole property of our clients, and the rights we have in our clients’ data are the rights that they grant to us. We do not often collect personal data from individuals directly; rather we apply our data science methods to existing data sets from a variety of sources. When we process data on behalf of others, we use and share that data at our clients’ request. Such personal data is subject to the privacy policies of the entity that collected or shared the data with us.
The Information We Collect About Individuals
We collect information about you in the following ways:
From Third Parties: This may include information about you that we license from private sources, obtain from public sources, or receive from clients and users of our services. Examples of public sources include census information, real property records, court records, assessor information, tax rolls, telephone directories, and web directories and information. As for information we receive from clients, an example may be that a retail client has information about your visits, purchases, returns, deliveries, coupons, loyalty club participation, etc. When we work with such a client, we may use that information in combination with other data.
Whenever we use any third-party owned data we rely on that third party to tell us how their own privacy policies limit our use of personal data, consistent with our contracts with that third party. These third parties are responsible for determining the privacy and protection of their data, and any inquiries about the use of your data by that third party should be directed to them in those cases that Civis is not the controller of the data. We’ll let you know when your inquiries should be directed to a third party.
Automatically when you visit our site or use our services: This information can vary depending on your browser and device settings, but it could include the content you view on our site or services; the date and time of your access; how long you use our site or services; the type of web browser you are using (for example, Chrome, Safari, Firefox); the type of device you are using (for example, whether you’re on a mobile phone); and your Internet Protocol address (which is a unique set of numbers to identify devices connected to a network). See the section below titled Cookies and Tracking for more information.
We may combine information from all of these sources.
Civis does not respond to “do not track” and similar signals from browsers.
How We Use Information
Data science involves the use of complex math analysis across large data sets to unearth correlations and insights in the data. The truth of the mathematical correlations in the data may not reflect actual causation in particular cases, but these insights empower users of our site or services to focus messages on desired audiences. Civis does not subject data subjects to decisions that have legal effects on persons due solely to automated processing of personal data. While we may help our clients identify desired audiences, the messages they convey to these audiences are their responsibility; our clients don’t speak for us and we don’t speak for our clients.
Civis uses personal data mainly for our clients’ purposes. When we use personal data for our purposes, we do so to improve our data science practices and our business. In these circumstances, we may collect personal data with your consent or for purpose that are necessary for Civis’ legitimate interest in the analysis of complex data sets to hone our algorithms and increase their ability to derive actionable insights for our clients.
We may also use personal data to monitor and protect our business, perform security screenings, to investigate, prevent, or take action relating to illegal activities, violations of our policies, and for other business purposes discussed in this Policy.
We may use personal data in the following additional ways:
How We Share Personal Data
We may share personal data with third party companies to provide technologies, services, or content to our clients or particular individuals. Civis may also remove personally identifying data to create anonymous data.
We may also share personal data in responding to requests from law enforcement officials, government bodies or judicial authorities, in addressing matters of personal or public safety, national security, litigation, investigations (including data security incident investigations), and other legal matters where the data is pertinent. In the event of a sale, transfer or reorganization of Civis, or of some of our assets or lines of business, or in the context of related business negotiations, Civis may also share personal data with the relevant parties. Civis also uses personal data for its historical, statistical, and business planning purposes.
We store personal data for different periods of time consistent with the purposes for which it was originally collected, as subsequently further authorized, or when required or allowed under applicable law.
Choice and Control
As described above, much of the personal data that we analyze belongs to third parties, and Civis does not have the right to provide anyone with access to that personal data, except as described in this Policy and as allowed by the third party owner. Subject to the rights of these other parties who own the personal data, you may be able to review, modify, or request the removal of personal data we collect about you. Certain information may be retained, however, to satisfy legal obligations.
If you send us a written request to access your personal data or to remove yourself from a database, and we are the Data Controller, we will comply with your request within 30 days of receiving your request. If we are the Data Processor, we will forward your request to the appropriate third party Data Controller, which in many cases will be our customer. In the event that the third party Data Controller is unable or unwilling to remove your data from their database, we remain committed to helping you control the use of your personal data; if we maintain a separate copy of that third party’s database that you want to be removed from, we will attempt to honor your request nonetheless and remove you from our copies of that database. So, while we can’t control the actions of third party Data Controllers, we will do what we can to help you maintain your privacy and your request will at least be honored by us.
Here are some others ways you can control the use of your data:
Please note that even if you opt out of receiving marketing communications from us, we may still send you communications about your account or any products or services you have purchased from us, and we will still respond to your inquiries and requests for information. EU residents will not be added to the marketing lists unless they have already provided express affirmative consent consistent with applicable data protection laws.
Cookies and Tracking
Our Privacy Commitments to Employment Applicants
Civis collects information, including personal contact information, education and work history, as well as Social Security numbers in order to process and consider your application. Personal data from applications will not be sold to unaffiliated third-parties for marketing purposes. With your consent, the information on your application may be shared with background check services, our affiliates, and used for certain regulatory, compliance, security, and legal purposes. We may de-identify and anonymize your information and use such anonymous data for internal purposes, such as to review our hiring practices and talent acquisition efforts.
Data Integrity and Accuracy
Civis strives to work with current and accurate personal data; that’s good for you, our clients, and really everybody. We have controls in place to ensure that the information we have is relevant, accurate, and appropriate for the purposes used. If you believe that any data about you is inaccurate, please let us know what you think is wrong with the data. In such instances, if such data is not owned by us, we will let you know that your inquiry should be directed to a third party.
We do not collect personal data from any person we know to be under the age of 13, and we will delete any personal data collected that we later know to be from a person under the age of 13. Our site and services are for general audiences and is not targeted to children under 13 years of age. If you believe a child under the age of 13 has disclosed personal data to us, please contact us at email@example.com and specify the customer and information you believe to be from the child under 13.
Your California Privacy Rights
U.S. – EU Privacy Shield Commitment
Civis is committed to process all data that it receives from the EU in conformity with the principles of the U.S. – EU Privacy Shield. If you are located in the European Economic Area (“EEA”) your personal data may be transferred to countries located outside the EEA, including the United States, which the European Commission has not recognized as having adequate personal data protections. By utilizing the procedures detailed below, EU residents may request access to their personal data and may contact Civis regarding any questions, concerns, disputes, or issues. With respect to its commitment to the Privacy Shield, Civis is subject to the investigatory and enforcement authority of the Federal Trade Commission. If Civis transfers your information to a third party, Civis will be responsible for ensuring that the principles of the U.S. – EU Privacy Shield are honored and may be liable if the third party fails to meet those obligations. Civis has certified its compliance with the Privacy Shield, which you will be able to find here: https://www.privacyshield.gov/list
Any EU resident who is not satisfied with Civis’s compliance with the EU – U.S. Privacy Shield may contact Civis to resolve such complaints at firstname.lastname@example.org or at 200 W. Monroe St., 22nd Floor, Chicago, IL 60606.
In the event of any controversy or claim arising out of or relating to the Privacy Shield, or a claim of a breach of thereof, EU residents agree first to try and settle the dispute by mediation, administered by the International Centre for Dispute Resolution under its Mediation Rules, before resorting to arbitration, litigation, or some other dispute resolution procedure at no cost to the individual. The rules governing these procedures and information regarding how to file a claim free of charge can be found here: http://info.adr.org/safeharbor/
In the event that an individual satisfies the pre-arbitration requirements specified at Annex I Part C of the EU – U.S. Privacy Shield Framework Principles, EU residents may invoke binding arbitration at no cost to the individual pursuant to procedures in Annex I of the EU – U.S. Privacy Shield Framework Principles found here: https://www.privacyshield.gov/EU-US-Framework
Data Access, The Right to be Forgotten, and Dispute Resolution
Individuals in Europe have certain data subject rights which may be subject to limitations and/or restrictions. These rights may include the right to: (i) request access to and rectification or erasure of their personal data; (ii) obtain restriction of processing or to object to processing of their personal data; and (iii) the right to data portability. If you wish to exercise one of the above mentioned rights, please send us your request via email to: email@example.com. We will comply with your request within 30 days of receiving your request. Individuals in Europe may also have the right to lodge a complaint about the processing of their personal data with their local data protection authority.
In addition to the rights above, Civis is committed to providing all individuals with access to their personal data. If you believe that Civis may be processing data about you and wish to have access to that information, we can provide you with that data or at least an explanation of why we cannot do so in the particular context, such as when only our client or vendor, the data controllers, have the right to provide such access, or if responding to the request would be unreasonably expensive. Please also let us know if you have any questions, concerns, disputes, or issues. We are always open to dialogue to resolve issues. If your concerns cannot be resolved, we can enter into appropriate third-party neutral dispute resolution. If you need to reach us about a privacy or data protection issue, please contact us at firstname.lastname@example.org. Please note that we keep our physical locations private due to client confidentiality and security concerns.
The effective date of this policy reflects our most recent material changes to this policy. From time to time, we may make minor changes to the policy, but we will change the effective date and provide notice on our website when major changes are made to our policy.
Effective Date: May 25, 2018