Skip to main content

New!

Avetta has launched Business Risk! Click here

Privacy Policy by Language:

 

Privacy Policy

Last Updated: September 28, 2023

1. SCOPE OF THIS PRIVACY POLICY

This privacy policy (“Privacy Policy”) describes how Avetta, LLC and its worldwide affiliated group companies (“Avetta,” “we,” or “us”) will use your personal data collected when you visit the Avetta websites, application websites and mobile platforms that contain a link to this Privacy Policy (collectively, the “Services”). This Privacy Policy may be supplemented with additional privacy terms or with additional privacy notices in connection with certain features of the Services.

This Privacy Policy does not apply to websites, applications, or mobile platforms that are operated by third parties, even if linked to the Services. For example, the Services also may provide access to social media features, message boards, chat, forums, blogs, profile pages and other services to which you are able to post personal data and materials. The information you post or disclose through these services may be public. Please be careful when disclosing personal data in these public areas. We encourage you to review the privacy policies posted on third-party websites, applications and mobile platforms.

2. CONTROLLER AND PROCESSOR

For the purpose of the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council (“EU GDPR”), the United Kingdom General Data Protection Regulation (“UK GDPR”), and other applicable data protection laws with a framework similar to the EU GDPR, Avetta, LLC is a “data processor” for your personal data when the processing is carried out on behalf of our customers (such as processing of your personal data contained in the prequalification forms), and is a “data controller” when the processing is for Avetta’s own purposes (such as billing, account management, product development, and other legitimate business interests).

You can reach our Privacy Officer via the following means of communication:

Postal Service:

AVETTA, LLC

Attention: Privacy Officer

3300 North Triumph Blvd. Suite 800

Lehi UT 84043, USA

Email: [email protected]

If you are located in the European Economic Area (“EEA”) or the United Kingdom (the “UK”) and have questions about your personal data or would like to request to access, update, or delete it, you may contact our representative at:

Bird & Bird GDPR Representative Services SRL

Avenue Louise 235

1050 Bruxelles

Belgium

[email protected]

Key Contact:

Vincent Rezzouk-Hammachi

 

Bird & Bird GDPR Representative Services UK

12 New Fetter Lane

London

EC4A 1JP

United Kingdom

[email protected]

Key Contact:

Vincent Rezzouk-Hammachi

 

3.  THE DATA WE COLLECT ABOUT YOU

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

Identity Data such as first name, last name, username or similar identifier, title, date of birth, gender, identification number, QR code or badge, and, under limited circumstances and with your express consent, biometric data such as fingerprints or voice data for authentication purposes.

Contact Data such as mailing address, email address, and phone numbers.

Profile Data such as your username and password, photos, enrolled courses and assessments, course results/status, certificates, roles, assigned worksites, associated companies, and account status.

Health Data such as vaccination status, and alcohol and drug screening results, but only if the information is requested by the parties you work with or seek to work with through our Services and you agree to provide the data voluntarily.

Professional Data such as occupation, professional certifications, licenses, training status, course results/status, and work experience.

Location Data such as internet protocol (IP) address, geolocation, and worksite locations.

Transaction Data such as subscriptions associated with your account.

Technical Data such as IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Services.

Usage Data such as information about how you use the Services.

Marketing and Communications Data such as your preferences in receiving marketing materials from us, your communication preferences, and customer support call records.

We also collect, use and share Aggregated Data such as statistical data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data if the data is anonymized and will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature of the Services. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy. You are under no legal obligation to provide Avetta with your personal data; however, in this case we might not be able to provide you with all the Services.

4. HOW IS YOUR PERSONAL DATA COLLECTED?

We use different methods to collect data from and about you including through:

Direct interactions. You or your authorized representatives may give us your data, such as Identity, Contact, Profile, Health, Professional, and Marketing and Communications Data by filling in forms or by corresponding with us by phone, email or otherwise. This includes personal data you provide when you:

  • Create an account with us.
  • Complete the prequalification forms.
  • Upload documentation requested by the parties you work with through our Services.
  • Participate in the events and activities hosted by us.
  • Give us feedback or contact us.

Automated technologies or interactions. As you interact with the Services, we will automatically collect Location, Usage, and Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our Cookie Policy for further details.

Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:

  • Identity, Contact, and Professional Data from verification services and data enrichment providers, such as greenID, ZoomInfo, 6sense, or similar vendors, and from publicly available sources, such as the government document verification services provided by the Australian Government.
  • Identity, Contact, Profile, Health, Professional, Location, and Transaction Data submitted to us by your employer(s) or other companies you or your employer(s) work with.
  • Technical and Usage Data from analytics providers such as Google.
  • Contact and Transaction Data from providers of technical and payment services.

5. HOW WE PROCESS YOUR PERSONAL DATA

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to fulfill the contract(s) we are about to enter into or have entered into with our customers.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.

The table below describes in more detail the purposes and legal bases of our processing activities and what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

 

Purposes for which we process your personal data Categories of personal data processed Legal basis for processing including basis of legitimate interest
To register you as a user of the Services, either as an authorized user of a client or a supplier
  • Identity
  • Contact
  • Profile
  • Location
(i) Your consent or (ii) where we do not obtain your consent, our legitimate interests (to fulfill our contracts with our customers).
To assess your eligibility pursuant to the requirements by the parties you work with or seek to work with through our Services
  • Identity (which may include biometric data under limited circumstances)
  • Contact
  • Profile
  • Health Data (if required by our customers)
  • Professional
  • Location
For biometric data (such as fingerprints to access a worksite), your consent.
For Health Data, your consent.
For other categories of personal data, (i) your consent or (ii) where we do not obtain your consent, our legitimate interests (to fulfill our contracts with our customers).
To assist our users in soliciting, bidding for, or completing a transaction or order
  • Identity
  • Contact
  • Professional
  • Location
  • Transaction
(i) Your consent or (ii) where we do not obtain your consent, our legitimate interests (to fulfill our contracts with our customers).
To contact you about your account or tasks to complete and to manage our relationship with you such as notifying you about changes to the Services or our terms and asking you for your feedback or comments
  • Identity
  • Contact
  • Profile
  • Location
  • Transaction
  • Marketing and Communications
Necessary for our legitimate interests (to perform our contracts with our customers, keep our records updated, and improve our Services and support).
To verify your identity and account when you contact our customer support team
  • Identity (which may include biometric data if opted in)
  • Contact
Your consent.
To provide and improve our Services and support and develop new products
  • Identity
  • Contact
  • Profile
  • Professional
  • Location
  • Technical
  • Transaction
  • Usage
Necessary for our legitimate interests (to provide and improve the Services and our support).
To test new products and services (e.g. Beta testing)
  • Identity
  • Contact
  • Profile
  • Health Data (if required by our customers who have opted in the testing)
  • Professional
  • Location
  • Transaction
  • Technical
  • Usage
For Health Data, your consent.
For other categories of personal data, (i) your consent or (ii) where we do not obtain your consent, our legitimate interests (to develop and improve our Services).
To deliver relevant content and marketing materials to you and measure or understand the effectiveness of our marketing strategy
  • Identity
  • Contact
  • Professional
  • Location
  • Transaction
  • Technical
  • Usage
  • Marketing and Communications
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy).
To deliver targeted advertising to visitors of our website (through cookies and other tracking technologies) and measure or understand the effectiveness of the advertising we serve
  • Identity (such as device identifiers)
  • Location (such as approximate device location)
  • Technical
  • Usage
(i) Your consent or (ii) where we do not obtain your consent, our legitimate interests (to grow our business and to inform our marketing strategy).
To provide you with features on the Services such as sharing content with a colleague
  • Identity
  • Technical
  • Usage
Necessary for our legitimate interests (to improve and promote our Services and support).
To invite you to participate in surveys, sweepstakes, competitions and similar promotions
  • Identity
  • Contact
  • Professional
  • Transaction
Necessary for our legitimate interests (to improve and promote our Services).
To aggregate information in order to anonymize it for data analysis, audits, developing new products, enhancing the Services, identifying usage trends and determining the effectiveness of our promotional campaigns
  • Identity
  • Contact
  • Professional
  • Transaction
  • Technical
  • Usage
Necessary for our legitimate interests (to improve our Services and support).
To use data analytics to improve our Services, marketing, customer relationships and experiences
  • Transaction
  • Technical
  • Usage
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our products updated and relevant, to develop our business and to inform our marketing strategy).
To prepare or implement reorganization or sale of assets or shares Potentially all categories of data as described in Section 3. Our legitimate interests (to prepare and complete corporate transactions).
To administer and protect our business and the Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data), and prevent and detect security threats, fraud or other malicious activity
  • Identity
  • Contact
  • Profile
  • Location
  • Transaction
  • Technical
  • Usage
Our legitimate interests (to improve and maintain the Services, and to protect our business).
To comply with our legal obligations, respond to government or judicial requests for information (including in the context of private litigation), resolve disputes, and enforce our agreements Depending on the legal obligations. Compliance with a legal obligation.

 

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

6. DISCLOSURES OF YOUR PERSONAL DATA

We may share your personal data with the parties set out below for the purposes set out in the table above.

 

Categories of Data Recipients Description
Group Affiliates
For further information, please visit https://www.avetta.com/privacy/processors.
Members of the affiliated group of Avetta (including Pegasus Safety & Training Pty Ptd based in Australia and Avetta Do Brasil Tecnologia da Informação Ltda. based in Brazil).
The affiliates and subsidiaries of Avetta, LLC, are data processors and provide IT and system administration, customer services, software development services, payment services, and other data processing services.
Service Providers and Contractors to Avetta
For further information, please visit https://www.avetta.com/privacy/processors.
Cloud service providers based in Australia, Canada, Germany, Ireland, the UK, and the US.
Providers of software development services, IT and system administration, internal audit functions, quality assurance, customer support, document review services, maintenance services, and other administrative and processing services based in Australia, India, South Africa, the Philippines, and the US.
Providers of compliance tools, such as OneTrust (based in the US), and business credit reports and sanction lists screening services, such as CreditSafe (based in multiple jurisdictions).
Providers of communication tools such as Zoom (based in the US) and Microsoft Teams (based in the US).
Analytical service providers such as Google (based in the US).
Verification service providers such as greenID (based in Australia).
Providers of data processing tools such as Chekrite (based in Australia).
Providers of customer relationship management tools such as Salesforce (based in the US).
Marketing service providers such as Marketo (based in the US).
Independent agents, representatives, and consultants globally to support our business.
Users of the Services Suppliers and clients in the network of the Services who you work with or seek to work with through our Services.
Other Recipients Third parties to whom we may choose to sell, transfer, or merger parts of our business or our assets.
Third parties that we may acquire.
Third parties if we expressly told you about such potential disclosure in our agreement(s) with you, or at the point at which you submitted the personal data to us.
Third parties we need to disclose your personal data to in order to: (i) respond to or comply with any law, regulation, subpoena or court order, or government or judicial request (including in the context of private litigation); (ii) investigate and help prevent security threats, fraud or other malicious activity; (iii) enforce and protect the rights and properties of Avetta; or (iv) protect the rights or personal safety of our employees and third parties on or using our property. We may disclose your personal data to domestic or foreign government or public authorities in any of the countries in which we operate in order to respond to inquiries or requests or as otherwise required by law or legal process, including to meet national security or law enforcement requirements.

 

7. COOKIES AND OTHER TRACKING TECHNOLOGIES

We may automatically collect information through the use of cookies or similar technologies, such as web beacons. Some content or functions of our Services are served by third parties. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use the Services. The information they collect may be associated with your personal data or they may collect information, including personal data, about your online activities over time and across different websites and other online services. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Services may become inaccessible or not function properly. For more information about the cookies, please see our Cookie Policy.

8. DO NOT TRACK DISCLOSURE

Our Services do not respond to Do Not Track signals. You may, however, disable certain tracking as discussed in our Cookie Policy, such as by disabling cookies.

9. CHILDREN'S PRIVACY

We do not knowingly collect personal data from children under the age of 18 and we do not target our Services to children under 18.

10. YOUR CHOICES AND SELECTING YOUR PRIVACY PREFERENCES

If you are a user of the Services, you can manage available communications preferences when you register with the Services (including by providing your opt-in consent, where required), by updating your account preferences.

In certain cases, we are able to send you direct marketing messages without your consent. Nonetheless, you have a right to ask us not to process your personal data for such purposes. You can exercise this right by using the “opt-out” or unsubscribe mechanism provided in the communication. However, please note that we may continue to send transactional or relationship messages (such as account notifications) after you opt out of direct marketing messages.

11. YOUR RIGHTS

You may request a copy of and correct the personal data that we hold about you. Under certain circumstances, you may have the right to object to the processing of your personal data or to have it erased. If the Services allow registered users to access their registration information and make corrections or updates, the accuracy of such information is solely the responsibility of the user.

You have the right to withdraw your consent at any time where we use your personal data on the basis of your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

In addition, if you are located in the EEA or the UK, you may have the following additional rights:

  • Right of access (Art. 15 GDPR)

You have the right to obtain from us confirmation as to whether and which data we process about you, for which purposes, how long we process them, who may receive the data and where they originate from. You do not have such a right in exceptional cases, i.e. where your requests are excessive.

  • Right to rectification (Art. 16 GDPR)

You generally have the right to request that we rectify inaccurate data, including the right to have incomplete data completed.

  • Right to erasure/Right to be forgotten (Art. 17 GDPR)

You have the right in particular cases to request that we erase your data, e.g. if the data is no longer necessary in relation to the purposes for which it was collected, or if you have objected to the processing. This does not apply in exceptional cases, e.g. if the further processing is necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims.

  • Right to restriction of processing (Art. 18 GDPR)

You may ask us to restrict our use of your personal data where, for example, we no longer need your personal data for the purposes of which we are using it, but it is required by you for the establishment, exercise or defense of legal claims.

  • Right to data portability (Art. 20 GDPR)

You can request a machine-readable copy of personal data that you have provided to us, which can be transmitted to another service provider where technically feasible. This only applies to personal data that we use by automatic means, and on the basis of your consent or our performance of a contract with you.

  • RIGHT TO OBJECT (ART. 21 GDPR)

To the extent that we are relying upon legitimate interest as a legal basis to use your personal data, or to the extent we process your personal data for direct marketing purposes, you have the right to object to such use on grounds relating to your particular situation, at any time. However, we cannot always comply with this, e.g. if legal provisions oblige us to process data within the scope of our official duties.

  • Right to lodge a complaint (Art. 77 (1) GDPR)

You also have the right to lodge a complaint with the competent supervisory authority, in particular in your member state of residence, if you consider that our use of your personal data violates applicable data protection law.

To protect your privacy and security, we may take reasonable steps to verify your identity whenever you have requested to exercise your rights. To view and change the personal data that you directly provided to us, you can return to the webpage or application where you originally submitted your personal data and follow the instructions on that webpage or application, or contact us at the address listed below.

For further information regarding your rights, or to exercise any of your rights, please contact us at [email protected].

12. DATA RETENTION AND SECURITY

We store information about you in computer systems and databases operated by either us or our external service providers.

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.  In some circumstances we will anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

The security of your personal data is important to us. We use a variety of data security measures intended to ensure the confidentiality and integrity of your personal data. However, unfortunately no data transmission over the Internet or data storage system is 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us at [email protected].

13. CHANGES TO THIS PRIVACY POLICY

If we modify this Privacy Policy to reflect changes to our information practices, we will post the revised version here, with an updated revision date. We encourage you to periodically review this page for the latest information on our privacy practices.

14. INTERNATIONAL DATA TRANSFER

For the purposes described above, your personal data may be transferred to recipients mentioned in Section 6 and to the United States and other jurisdictions that may not be deemed to provide the same level of data protection as your home country, although our collection, storage and use of your personal data will continue to be governed by this Privacy Policy.

When transferring personal data outside the EEA or the UK, we:

(i)  ensure that the country in which your personal data will be handled has been deemed “adequate” by the European Commission or the UK, as applicable;

(ii)  include in our contracts the Standard Contractual Clauses approved by the European Commission (as applicable) for transferring personal data from the EEA or the UK, and additionally the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (the “UK Addendum”) for transferring personal data from the UK; or

(iii)  rely on other legally compliant mechanisms or conditions for such data transfer.

You can find out further information about the rules on data transfers outside the EEA and the UK, including the mechanisms that we rely upon, on the European Commission website here and the UK’s Information Commissioner’s Office website here.

For data transfers to the United States, Avetta has elected to self-certify to the EU-US Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework administered by the US Department of Commerce. For further information, please refer to our Data Privacy Framework Notice, which is available here.

If the applicable data protection laws have prescribed additional requirements or modified the existing mechanisms for cross-border data transfers, we will take appropriate measures, including working with our customers (such as your employers), to implement the requirements or update the transfer mechanisms to enable the lawful transfer of your personal data outside your home country.

15. LOCAL LAWS AND REGULATIONS

While this Privacy Policy is designed to deliver consistent and efficient information on a global basis with a specific focus on the EU GDPR and UK GDPR, all information will always be processed in accordance with applicable local law. For more details on the local laws and regulations applicable to your home jurisdiction, please see Appendix I of this Privacy Policy.

16. HOW TO CONTACT US

If you have comments or questions about this Privacy Policy or our processing of your information, please contact:

AVETTA, LLC
Attention: Privacy Officer

3300 North Triumph Blvd. Suite 800

Lehi UT 84043, USA

Email: [email protected]

 

Our data protection representatives within the EEA and the UK are as follows:

 

Representative Region Contact
Bird & Bird GDPR Representative Services SRL EEA Avenue Louise 235
1050 Bruxelles
Belgium
[email protected]
Key Contact:
Vincent Rezzouk-Hammachi
Bird & Bird GDPR Representative Services UK UK 12 New Fetter Lane
London
EC4A 1JP
United Kingdom
[email protected]
Key Contact:
Vincent Rezzouk-Hammachi

 

Individuals within the EEA or the UK can contact us directly (see above) or contact the respective representative.

Appendix I: Jurisdiction Specific Terms

United States - Notice to California Residents

 

Last Updated: September 28, 2023

This notice to California residents supplements solely to the visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA”). Any terms defined in the CCPA have the same meaning when used in this notice.

Information We Collect

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:

  • Publicly available information from government records.
  • Deidentified or aggregated consumer information.
  • Information excluded from the CCPA’s scope, like:
    • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data, or other qualifying research data;
    • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:

 

Category Examples Collected
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some personal information included in this category may overlap with other categories.
YES
C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). YES (to the extent the data is requested to be collected by our customers)
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. YES (to the extent personal data is contained in the transaction data)
E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. NO (unless you contact our customer support team and give us your express consent to use your voice to authenticate your identity)
F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. YES
G. Geolocation data. Physical location or movements. YES
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. YES (if you upload a profile photo or if you participate in recorded meetings or calls)
I. Professional or employment-related information. Current or past job history or performance evaluations. YES
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. NO
K. Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. NO (with respect to our users)
YES (with respect to business prospects)
L. Sensitive personal information Government identifiers (social security, driver’s license, state identification card, or passport number); complete account access credentials (user names, account numbers, or card numbers combined with required access/security code or password); precise geolocation; racial or ethnic origin; religious or philosophical beliefs; union membership; genetic data; mail, email, or text messages contents; unique identifying biometric information; health, sex life, or sexual orientation information. YES (to the extent the data is requested to be collected by our customers or if you contact our customer support team and give us your consent to use your voice to authenticate your identity)

 

As described in Section 4 of the Privacy Policy, we obtain the categories of personal information listed above from the following categories of sources:

  • Direct interactions with you.
  • Automated technologies or interactions.
  • Third parties or publicly available sources.

Use of Personal Information

We may use or disclose the personal information we collect for one or more of the following purposes:

  • To register you as a user of the Services, either as an authorized user of a client or a supplier.
  • To assess your eligibility pursuant to the requirements by the parties you work with or seek to work with through our Services.
  • To assist our users in soliciting, bidding for or completing a transaction or order.
  • To contact you about your account or tasks to complete and to manage our relationship with you such as notifying you about changes to the Services or our terms and asking you for your feedback or comments.
  • To verify your identity and account when you contact our customer support team.
  • To provide and improve our Services and support and develop new products.
  • To test new products and services (e.g. Beta testing).
  • To deliver relevant content and marketing materials to you and measure or understand the effectiveness of our marketing strategy.
  • To deliver targeted advertising to visitors of our website (through cookies and other tracking technologies) and measure or understand the effectiveness of the advertising we serve.
  • To provide you with features on the Services such as sharing content with a colleague.
  • To invite you to participate in surveys, sweepstakes, competitions and similar promotions.
  • To aggregate information in order to anonymize it for data analysis, audits, developing new products, enhancing the Service, identifying usage trends and determining the effectiveness of our promotional campaigns.
  • To use data analytics to improve our Services, marketing, customer relationships and experiences.
  • To prepare or implement reorganization or sale of assets or shares.
  • To administer and protect our business and the Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data), and prevent and detect security threats, fraud or other malicious activity.
  • To comply with our legal obligations, respond to government or judicial requests for information (including in the context of private litigation), resolve disputes, and enforce our agreements.
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA.

As stated above, if you contact our customer support team, we may collect voice data for authentication purposes but only after obtaining your express consent. Please note that any other sensitive personal information we collect from individuals is strictly used to fulfill our contracts with our customers that the individuals work for and for purposes permitted under the CCPA. We do not process any sensitive personal information to infer characteristics about the individuals.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Retention of Personal Information

As stated in Section 12 of the Privacy Policy, we will only retain your personal information for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. In some circumstances we will anonymize your personal Information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Disclosure of Personal Information

We may disclose your personal information to third parties for business purposes. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, we have disclosed personal information for a business purpose to the categories of third parties indicated in the chart below.

We do not sell personal information for any monetary consideration. However, we sometimes use tracking technologies on our website for advertising purposes, which may be considered “selling” or “sharing” of your personal information under the CCPA. In the preceding twelve (12) months, we may have sold or shared the following categories of personal information to the categories of third parties indicated in the chart below.

We do not sell or share personal information about individuals who we know are under age 16, and we do not sell or share personal information that our customers have submitted to us in the course of using our SaaS services.

 

Personal Information Category Category of Third-Party Recipients
Business Purpose Disclosures Sale or Sharing
A: Identifiers.
  • Service providers for cloud services, software development, IT and system administration, internal audit functions, quality assurance, customer support, document review services, maintenance services, other administrative and processing services, and professional services (collectively, the “Essential Service Providers”)
  • Compliance tool providers
  • Communication tool providers
  • Data analytics providers
  • ID verification providers
  • CRM providers
  • Marketing service providers
  • Suppliers and clients in the network of the Services who you work with or seek to work with through our Services (collectively, the “Clients and Suppliers”)
  • Marketing/advertising service providers (such as online/device identifiers, IP addresses, and other similar identifiers)
B: California Customer Records personal information categories.
  • Essential Service Providers
  • ID verification providers
  • Clients and Suppliers
N/A
C: Protected classification characteristics under California or federal law.
  • Essential Service Providers
  • ID verification providers
  • Clients and Suppliers
N/A
D: Commercial information.
  • Essential Service Providers
  • ID verification providers
  • Clients and Suppliers
N/A
E: Biometric information.
  • Communication tool providers (if you contact our customer support team and give us your express consent to use your voice to authenticate your identity)
N/A
F: Internet or other similar network activity.
  • Essential Service Providers
  • Compliance tool providers
  • Communication tool providers
  • Data analytics providers
  • ID verification providers
  • CRM providers
  • Marketing service providers
  • Clients and Suppliers
  • Marketing/advertising service providers (such as browsing history, online behavior, and interactions with our and other websites)
G: Geolocation data.
  • Essential Service Providers
  • Compliance tool providers
  • Communication tool providers
  • Data analytics providers
  • ID verification providers
  • CRM providers
  • Marketing service providers
  • Clients and Suppliers
  • Marketing/advertising service providers (such as approximate device location)
H: Sensory data.
  • Essential Service Providers
  • Communication tool providers
N/A
I: Professional or employment-related information.
  • Essential Service Providers
  • ID verification providers
  • Clients and Suppliers
N/A
J: Non-public education information. N/A N/A
K: Inferences drawn from other personal information.
  • Essential Service Providers 
  • Data analytics providers
  • CRM providers
  • Marketing service providers
  • Marketing service providers (such as site visitors’ preferences and characteristics)
L: Sensitive personal information
  • Essential Service Providers
  • Compliance tool providers
  • Communication tool providers
  • ID verification providers
  • CRM providers
  • Clients and Suppliers
N/A

 

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Right to Know and Data Portability

You have the right to request that we disclose certain information to you about our collection and use of your personal information (the “right to know”). Once we receive your request and confirm your identity, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting, selling, or sharing that personal information.
  • The categories of third parties with whom we disclose that personal information.
  • If we sold/shared or disclosed your personal information for a business purpose, two separate lists disclosing:
    • Selling/sharing, identifying the personal information categories that each category of recipient purchased/received; and
    • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
  • The specific pieces of personal information we collected about you (also called a data portability request).

Right to Correct

You have the right to request us to correct any inaccuracies in any personal information we maintain about you, taking into account the nature of the personal information and the purposes of the processing of the personal information (the “right to correct”). Once we receive your request and confirm your identity, we will review the contested personal information and may request additional documentation from you to validate your request. We will use commercially reasonable efforts to correct any confirmed inaccuracies, or otherwise process your request in accordance with the CCPA.

We may deny your request to correct if there are reasonable grounds to believe that the request is fraudulent or abusive.

Right to Delete

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • Complete the transaction for which we collected the personal information, provide the service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill our obligations under applicable law, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers, contractors, and third parties to take similar action.

Exercising Your Rights to Know, Correct, or Delete

To exercise your rights to know, correct, or delete described above, please submit a request by emailing us at [email protected].

Only you, or someone legally authorized to act on your behalf, may make a request to know, correct, or delete related to your personal information.

You may only submit a request to know twice within a 12-month period. Your request to know, correct, or delete must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

You do not need to create an account with us to submit a request to know or delete. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.

We will only use personal information provided in the request to verify the requestor’s identity or authority to make it.

Response Timing and Format

We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact [email protected].

We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.

If you have an account with us, we may deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Right to Opt-out of Sale/Sharing – Notice of Right to Opt-out of Sale/Sharing

You have the right to opt-out of sale or sharing of your personal information with third parties for cross-context behavioral advertising (the “right to opt-out”).

You can exercise the right to opt-out by enabling an opt-out preference signal on your browser or device. We process the signal in a frictionless manner, as long as the signal is in a format commonly used and recognized by businesses. We treat the opt-out preference signal as a valid request to opt-out sale/sharing for the browser or device and any consumer profile (pseudonymous profiles) associated with that browser or device. You may need to install an extension/application to your browser/device to implement the opt-out preference signal. Providers of the platform, technology, or mechanism that sends the signal typically will disclose to consumers that the signal is meant to have the effect of opting consumers out of sale/sharing of their personal information.

You can also exercise the right to opt-out by utilizing the Cookie Settings on our website to reject cookies that could be used for marketing and behavioral advertising purposes, which may include social media cookies, targeting cookies, and performance cookies. If you visited our website previously but did not opt-out of sale/sharing during your visit, you may need to clear the cookies that have already been stored/dropped on your browser/device first and then re-visit our site to opt-out of sale/sharing. Please note the Cookie Settings only controls the Cookie Settings for the browser or device you are using. You will need to update the Cookie Settings on all of the browsers/devices that you use to access our website to fully exercise the right to opt-out.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

Other California Privacy Rights

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Services that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected].

Changes to Our Privacy Policy

We reserve the right to amend the Privacy Policy at our discretion and at any time. When we make changes to this notice, we will post the updated notice on this page and update the notice’s effective date. Your continued use of our Services following the posting of changes constitutes your acceptance of such changes.

Contact Information

If you have any questions or comments about this notice, the ways in which Avetta collects and uses your information described here and in the main terms of the Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Email: [email protected]

Postal Address:

AVETTA, LLC

Attention: Privacy Officer

3300 North Triumph Blvd. Suite 800

Lehi UT 84043, USA

If you need to access this notice in an alternative format due to having a disability, please contact [email protected].

Australia – Additional Disclosures to Australian Residents

Last Updated: September 28, 2023

DO WE DISCLOSE PERSONAL INFORMATION TO OVERSEAS RECIPIENTS?

We may disclose your personal information to recipients which are located outside Australia. Please see Section 6 of the Privacy Policy for details.

DO WE USE YOUR PERSONAL INFORMATION FOR MARKETING?

We will use your personal information to offer you products and services we believe may interest you, but we will not do so if you tell us not to. These products and services may be offered by us, our related companies, our other business partners or our service providers.

Where you receive electronic marketing communications from us, you may opt out of receiving further marketing communications by following the opt-out instructions provided in the communication. However, please note that we may continue to send transactional or relationship messages (such as account notifications) after you opt out of marketing messages.

ACCESS TO AND CORRECTION OF YOUR PERSONAL INFORMATION

You may access or request correction of the personal information that we hold about you by contacting us. Our contact details are set out below. There are some circumstances in which we are not required to give you access to your personal information.

There is no charge for requesting access to your personal information, but we may require you to meet our reasonable costs in providing you with access.

We will respond to your requests to access or correct personal information in a reasonable time and will take all reasonable steps to ensure that the personal information we hold about you remains accurate, up to date.

COMPLAINTS

If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal information, you should contact us. Our contact details are set out below.

We will consider your complaint and determine whether it requires further investigation. We will notify you of the outcome of this investigation and any subsequent internal investigation.

If you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent advisor or contact the Office of the Australian Information Commissioner (“OAIC”) (www.oaic.gov.au) for guidance on alternative courses of action which may be available.

CONTACT DETAILS

If you have any questions, comments, requests or concerns, please contact us at:

Email[email protected]

Postal Address:

AVETTA, LLC

Attention: Privacy Officer

3300 North Triumph Blvd. Suite 800

Lehi UT 84043, USA

Upcoming Events
March 20-21
PASA ProcureTECH
March 26-27
Vancouver, BC
STAC 2024 Conference & Exhibition
April 9-11
Consero Procurement & Strategic Forum
April 29 - May 2
Banff, AB
Energy Safety Conference
April 30- May 1
Dallas, TX
2024 Generis American Supply Chain Summit
May 15-16
Rosemont, IL
Booth #403
NSC Spring Safety Conference & Expo
Aug 7-9
Denver, CO
ASSP Safety 2024
August 25-28
Aurora, CO
VPPPA
Sept 16-18
Orlando, FL
NSC Congress & Expo