Natero, Inc. (“Natero” or “we” or “us” or “our”), makes available a service that enables a customer that collects time-series data (e.g., website clickstream data, mobile application usage data) to define and view custom analytical reports based on such data and information (the “Service”). A customer that desires to use the Service must execute a separate online agreement with Natero (the “Natero Service Agreement”). A customer that executes such an agreement is referred to herein as a “Natero Customer”. Under such agreement, the Natero Customer grants Natero permission to collect and store time-series data from where it is generated or stored as specified by the user. This data and the information provided to Natero to permit us to access such data for collection are collectively referred to as “Customer Data.” Natero also collects Registration Data as defined below.
As used in this policy, the terms “using” and “processing” information include using cookies on a computer, subjecting the information to statistical or other analysis and using or handling information in any way, including, but not limited to collecting, storing, evaluating, modifying, deleting, using, combining, disclosing and transferring information within our organization or among our affiliates.
Information Collection and Use of Information on the Natero Website
Natero collects some personal information and some anonymous information about visitors to our website in order to maintain the website and to tailor the website to their needs, referred to as “Registration Data.” In this case, Natero acts as the data controller for this data. We do not collect personal information that is connected to their online activities over time or across third-party websites or online services (but we may collect this type of anonymous information about them through the use digital re-targeting technology). We may use personal information collected through our website to complete a transaction they request. For example, to provide Natero business information to them that they have specifically requested. If they give us permission, Natero and its third party partners may also use their mailing address, telephone number or email address to alert them about updates to the Service or to discuss potential sales of the Service. If they give us permission to use their personal information for a specific purpose and they decide later they don’t want us or our third party partners to contact them, they have the ability to rescind their permission. Anonymous information collected through our website is used for maintenance and monitoring of the website, and market research.
Information Collection and Use of Information through the Natero Service
Natero collects some personal information about users of the Natero service, including name and email address. We use this personal information to provide updates on the service, contact users who are experiencing service issues, and as part of the identification required to provide access to the service itself. Natero may collect anonymous or personal information relating to a user’s use of the Service, for example, usage of the Service, renewal data and clickstream data. Anonymous information gathered from a user’s use of the Service may be used in conjunction with personal information gathered at the same time to prepare reports for our customers on how their users are using the Service. For example, we may gather information about how many times a specific user name in under a Service account uses a certain feature of the Service and for what length of time, and include the same in a report provided to you. Natero also collects information about how the users of the Natero service interact with the service for purposes of improving the service and debugging service issues. We also use personal information provided to us by our users, or which you upload to the Service via the platform, in accordance with your authorization under the Terms of Service to assist you with questions and to resolve problems relating to your use of the Service. In the case of data collected about the users of the Natero service, Natero acts as the data controller for the data.
Natero also may collect personal information about the customers of our customers. Natero handles personal data we receive from our customers, as such we are not the data controller and do not determine what specific personal data will be transferred. Having said that, the range of potential data may include individual name, email address and physical address. Personal Information we collect from our customers’ customers is collected and used for the sole purpose of providing the Service to that customer. Natero uses anonymous information to efficiently operate the Service, to enhance your experience using the Service, to optimize the performance of the Service, and to show potential customers how the Service is used by other customers. For example, we may use anonymous information to diagnose and correct any problems you or others are having with the Service or include anonymous information in a Service usage report during a sales pitch to a potential customer to show how the Service is used by existing customers.
Identity theft and the practice currently known as “phishing” are of great concern to Natero. Safeguarding information to help protect you from identity theft is a top priority. We do not and will not, at any time, request your credit card information, your account ID, login password, or national identification numbers in a non-secure or unsolicited e-mail or telephone communication. For more information about phishing, visit the Federal Trade Commission’s website.
Information Sharing and Disclosure
Aggregate Information and Non-Identifying Information. We may share aggregated information about Registration Data that does not include personally identifiable information and we may otherwise disclose non-identifying Information with third parties for industry analysis, demographic profiling and other purposes. Any aggregated information shared in these contexts will not contain your personally identifiable information. Otherwise, we will never share any Customer Data, aggregated or not, unless required to by law as described below.
Service Providers. We may employ third-party companies and individuals to facilitate our Site and Service, to provide the Service on our behalf, to perform Site-related services (e.g., without limitation, maintenance services, database management, web analytics and improvement of the Site’s features) or to assist us in analyzing how our Site and Service are used. These third parties may have access to your Registration Data or Customer Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Compliance with Laws and Law Enforcement. Natero cooperates with government and law enforcement officials and private parties to enforce and comply with the law. We will only disclose information about you to government or law enforcement officials or private parties as necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of Natero or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, any illegal, unethical or legally actionable activity. Natero respects the ownership rights of Natero Customers in Customer Data and, accordingly, Natero will exercise commercially reasonable efforts to inform you of any request made to us for disclosure of your Customer Data and to cooperate with you in taking those measures permitted by law for limiting disclosure of your Customer Data.
Business Transfers. In the case of a merger, acquisition or reorganization, Natero may sell, transfer or otherwise share some or all of its assets, including your Customer Data, in order to provide you continued service.
Changing or Deleting Your Information
All Natero Customers may review, update, correct or delete their Registration Data and Customer Data, including the personally identifiable information in their registration profile by contacting us. If you completely delete all such information, then your account may become deactivated. If you would like us to delete your record in our system, please Contact us at email@example.com with a request that we delete your personally identifiable information from our database. We will use commercially reasonable efforts to honor your request. We will respond to your request for deletion within 30 business days.
Natero is very concerned with safeguarding your information. We employ administrative, physical and electronic measures designed to protect your information from unauthorized access.
We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored “personal data” (as defined in applicable state statutes on security breach notification) to you via email or conspicuous posting on this Site in the most expedient time possible and without unreasonable delay, insofar as consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
Privacy Shield Compliance
Freshworks, Inc. participates in and has certified its compliance with the EU-U.S. and Swiss-US Privacy Shield Framework. Freshworks, Inc. is committed to subjecting all Personal Data received from European Union (EU) member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List [https://www.privacyshield.gov/list]. Freshworks, Inc. complies with the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Frameworks (“Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and United Kingdom and/or Switzerland, as applicable, to the United States in reliance on Privacy Shield. Freshworks, Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/list.
Freshworks, Inc. is responsible for the Personal Data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Freshworks, Inc. complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, and Switzerland including the onward transfer liability provisions. Freshworks further commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, Freshworks, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Freshworks, Inc. and/or its Group Companies may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
How does Freshworks keep personal data secure?
We use appropriate technical and organizational measures to protect the Personal Data that we collect and process. The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Data.
While information security risks are always evolving, so are the controls. The controls, so implemented, are periodically reviewed as part of internal and external audits. If you have questions about the security of your Personal Data, please contact us immediately as described in this Privacy Notice.
EEA and Swiss specific rights
A) Collected Data
If you are an individual resident in EEA or Switzerland, you have the following data protection rights regarding Collected Data:
- If you wish to access, correct, update or request deletion of your Personal Data, you can do so at any time by contacting us.
- You can object to processing of your Personal Data, ask us to restrict processing of your Personal Data or request portability of your Personal Data. Again, you can exercise these rights by contacting us.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us.
- Similarly, if we have collected and process your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority.
If you seek access to, or wish to correct, update, modify or delete Personal Data (hereinafter referred to as a “Request”) which forms a part of Collected Data, please contact us at firstname.lastname@example.org. We respond to all requests we receive from individuals wishing to exercise their data protection rights within a reasonable timeframe in accordance with applicable data protection laws.
B) Service Data
We acknowledge that you have the right to access your Personal Data. Freshworks has no direct relationship with the individuals whose Personal Data it processes. If you seek access to, or wish to correct, update, modify or delete Personal Data (hereinafter referred to as a “Request”) which is part of the Service Data and processed by us on behalf of our Customer or if you are an End-User of one of our Customers and would no longer like to be contacted by one of our Customers that uses our Service(s), you should direct your query to our Customer i.e, the controller. if requested to remove data, We will respond within a reasonable timeframe.
If you are a Customer of our Service(s) and wish to raise a Request on behalf of your Users and End-Users in connection with Service Data, you may raise a ticket on the support portal of the relevant Service. Please note that if a Customer has subscribed to more than one Service, a Request on a particular Service support portal is specific to that Service only and separate Requests need to be raised across other relevant Service support portals.
CALIFORNIA-RESIDENT SPECIFIC RIGHTS
To the extent you are a 'consumer' as defined under the California Consumer Privacy Act of 2018 ("CCPA") and Freshworks is a 'business' as defined under CCPA, the following applies to you:
Subject to the provisions of the CCPA, you have the right to request in the manner provided herein, for the following:
a. Right to request for information about the:
- Categories of Personal Data Freshworks has collected about you.
- Specific pieces of Personal Data Freshworks has collected about you.
- Categories of sources from which the Personal Data is collected.
- Business or commercial purpose for collecting Personal Data.
- Categories of third parties with whom the business shares Personal Data.
b. Right to request for deletion of any Personal Data collected about you by Freshworks.
If you seek to exercise the foregoing rights to access or delete Personal Data which constitutes 'personal information' as defined in CCPA, please contact us at email@example.com or write to us here. We respond to all requests we receive from you wishing to exercise your data protection rights within a reasonable timeframe in accordance with applicable data protection laws. By writing to us, you agree to receive communication from us seeking information from you in order to verify you to be the consumer from whom we have collected the Personal Data from and such other information as reasonably required to enable us to honour your request.
The list of categories of Personal Data collected and disclosed about consumers are enlisted under the head 'What Personal Data does Freshworks collect and why?' and the list of categories of third parties to whom the Personal Data was or may be made disclosed are enlisted under the head 'Sharing of Personal Data'. Separately, Freshworks does not sell your Personal Data.
Links to Other Sites
Our Site contains links to other websites. If you choose to visit a third party website, e.g. an advertiser by "clicking on" a banner ad or other type of advertisement, or click on another third-party link, you will be directed to that third party's website. The fact that we link to a website or present a banner ad or other type of advertisement is not an endorsement, authorization or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise control over third-party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit personal information from you. Other sites follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit.
Our Policy Toward Children
Our Site and Service is not directed to children under 13. We do not knowingly collect personally identifiable information from children under 13. If a parent or guardian becomes aware that his or her child has provided us with personally identifiable information without their consent, he or she should Contact us at firstname.lastname@example.org. If we become aware that a child under 13 has provided us with personally identifiable information, we will delete such information from our files.
If you have any inquiries or complaints regarding this Policy or our compliance with Privacy Shield, you should first contact Natero at:
Postal address: 39355 California Street, Suite 307, Fremont, CA 94538, USA