Privacy Policy

[Last Updated: March 26, 2025]

 

(1) INTRODUCTION AND SCOPE OF THIS PRIVACY POLICY

This privacy policy (“Privacy Policy”) describes how Panaya Ltd. and its affiliated companies and subsidiaries (collectively, “Panaya”, “us” or “we”) collect, use and process Personal Data (as defined below), including the needed disclosure and information about the types of Personal Data collected, why we collect your Personal Data and the purposes for which we will use it, how long we will retain it, with whom we share it, what your applicable rights regarding your Personal Data are, and how you can exercise them.

This Privacy Policy applies to our data collection and privacy practice in connection with:

  • Any individuals, including representatives of prospects and potential business partners, who access and use our website, available at: https://www.panaya.com/ or other digital assets under our domain, including engaging with our newsroom, registering for a webinar, or other similar forums as available through our website (respectively “website” and “Prospects”);
  • Customers (and authorized users on their behalf, collectively “Customers”) that access and use our subscription-based on-demand online Services (as detailed under our Master Service Agreement or EULA, as applicable) (provided however that this Privacy Policy does not apply to any data processed by us as the “processor” on behalf of the Customer as part of providing our services, which is subject to our commercial agreements with the Customer).

Customer and Prospect shall be, collectively and separately, referred to herein as “you”.

In the event you have applied for a job with us, please further review our Candidates Privacy Policy which governs our Personal Data processing practices in connection with such interactions.

This Privacy Policy forms an integral part of our Website Terms of Use and our Master Service Agreement or EULA, as applicable. Capitalized terms used herein but not defined shall have the respective meaning assigned to them therein.

ANY PERSONAL DATA YOU PROVIDE IS MADE AT YOUR FREE WILL AND CONSENT (WHERE REQUIRED UNDER APPLICABLE DATA PROTECTION LAWS), AND YOU ACKNOWLEDGE THAT YOU ARE NOT UNDER ANY STATUTORY OBLIGATION TO PROVIDE PERSONAL DATA TO PANAYA. HOWEVER, IF YOU WILL NOT PROVIDE US WITH CERTAIN PERSONAL DATA, WE WILL NOT BE ABLE TO FULFILL CERTAIN PURPOSES, FOR EXAMPLE, PROVIDE CERTAIN SERVICES, COMMUNICATE WITH YOU REGARDING ANY INQUIRIES YOU SUBMIT – ALL AS DESCRIBED UNDER SECTION 3 OF THIS PRIVACY POLICY “DATA SETS COLLECTED BY PANAYA, PURPOSE OF USE AND LAWFUL BASIS” WHICH DETAILS THE PURPOSES FOR WHICH EACH PERSONAL DATA SET IS COLLECTED.

This Privacy Policy further includes or incorporates specific information required under applicable data protection laws for residents of certain jurisdictions, among others:

If you are located in the EEA or UK – this Privacy Policy further details our lawful basis for processing Personal Data, information regarding cross border data transfer and your rights, as well as additional information we are required to disclose to you under the EU and the UK General Data Protection Regulations (collectively “GDPR”).

If you are a California resident – please also review our CCPA Privacy Notice which serves as a Notice at Collection as required under the California Privacy Rights Act (“CCPA”) and further details the categories of information collected and additional information regarding our privacy practices, including your rights.

Additional Information to certain United States Residents (including, for example and without limitations, Colorado, Connecticut, Virginia and Utah) – please also review Section 12 of this Privacy Policy to learn more about our privacy practices and your rights under these territories.

 

(2) POLICY AMENDMENTS

We reserve the right to amend this Privacy Policy from time to time, at our sole discretion. The most recent version of this Privacy Policy will always be posted on the website and the update date will be reflected in the “Last Updated” heading. We will provide notice to you if these changes are material, and, where required by applicable law, we will obtain your consent. Any amendments to the Privacy Policy will become effective immediately, unless we notify otherwise. We recommend you review this Privacy Policy periodically to ensure that you understand our most updated privacy practices.

 

(3) CONTACT INFORMATION AND DATA CONTROLLER INFORMATION

Panaya Ltd, a company incorporated under the laws of the state of Israel, is the “data controller” (as such term is defined under applicable privacy and data protection legislation) of the Personal Data collected which is subject to this Privacy Policy. This means that we are responsible for deciding how your Personal Data is processed (purpose and means), as well as for implementing applicable measures to secure the Personal Data we store, and where applicable, enabling you to exercise your rights.

For any question, inquiry or concern related to this Privacy Policy or the processing of your Personal Data, you may contact us as follows:

Panaya Ltd:

By Email: [email protected]

By Mail: 6 HaHarash Street, Hod Hasharon, Israel, 4524079.

Data Protection Officer:

Panaya is a part of Infosys global corporation. You may contact Infosys DPO, as follows:

Contact person: Srinivas P

By E-mail: [email protected]

By Mail: Infosys Limited, Electronics City, Hosur Road, Bangalore 560 100, India (Attn: Panaya DPO)

Data Protection Representative for Data Subjects in the EU:

We value your privacy and your rights as a data subject and have therefore appointed our subsidiary, Panaya Germany GmbH (“Panaya Germany”), as our privacy representative and your point of contact. If you want to contact us via Panaya Germany, please use the following means:

By Email: [email protected]

By Mail: Panaya Germany GmbH c/o RPI Roehm, Elsenheimerstr. 7, 80687 München, Germany (Attn: Panaya Data Protection Representative)

 

(4) DATA PROCESSED BY PANAYA, PURPOSES OF USE AND LAWFUL BASIS

We may collect two types of information from you, depending on your interaction with us.

The first type of information is non-identifiable and anonymous information (“Non-Personal Data”). We are not aware of the identity of the individual from whom we have collected the Non-Personal Data and cannot link the data to the individual with reasonable means. Non-Personal Data which is being gathered consists of technical information, and may contain, among other things, the type of operating system and type of browser, type of device, and your actions on the website or Services (such as session duration) – all of which is considered Non-Personal Data when collected on an aggregate basis, or otherwise not combined with any identifiers. We may further process and anonymize data in a manner that the data will be Non-Personal Data.

The second type of information is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual (“Personal Data”).

For the avoidance of doubt, any Non-Personal Data connected or linked to Personal Data shall be deemed as Personal Data as long as such connection or linkage exists.

We may collect different categories of Personal Data, depending on the nature of your interaction with us, our website and Services. Below we detail the Personal Data we collect and how and for which purposes we process and use your Personal Data, as well as our lawful basis for processing (subject to the GDPR, if applicable). 

Type of Personal Data | Purposes of Processing | Legal Basis under the GDPR
PROSPECTS DATA
Online Identifiers and Website Engagement Data:

Type of Personal Data:
When you interact with our website, we may collect your online identifiers, such as Internet Protocol (IP) address, Cookie ID, user agent, and other unique identifiers (“Online Identifiers”).
Online Identifiers, such as IP address, are further used to generate certain information, for example, to extract your approximate location (e.g., country and Zip).
Further, when you access our website or interact with it, we may collect information related to your interactions, including session durations, time and date stamp, the content viewed on our website, user-interface clicks, crash data, language preferences, etc.
We may further use tools on our website which provide us with information and insights regarding your website interactions, such as business intelligence tools that may identify your business organization’s IP, referring URL (that is, the webpage or advertising campaign directing you to our website), and other similar business websites you visited in the session (“Website Engagement Data”). If the Website Engagement Data is associated with an Online Identifier it is processed by us as Personal Data.

Purposes of Processing:
Online Identifiers and Website Engagement Data are used for the following purposes:
  • To operate the website and enable its proper functionality, for security and fraud prevention purposes, debugging purposes and to resolve technical problems.
  • For analytic purposes and to enhance and improve our Services, and the way we offer them, etc. For example, we process this data to understand how Prospects use our website or the most viewed content, to improve the way we present such content.
  • To promote, advertise and market our website and Services. This includes targeted advertisements (which further depends on your cookies’ settings and preferences) on our website or third-party platforms across the web, and to measure effectiveness of some ads we use, to track conversions, build targeted audience, and remarket our Services to people who have taken some action on the website.

Legal Basis under the GDPR:
Online Identifiers collected through cookies used on our website, which are strictly necessary for the proper and basic operation of the website, including strict security purposes, will be processed based on our legitimate interest.
Online Identifiers and Website Engagement Data used for analytics and marketing purposes through our use of targeting and marketing cookies, will be processed based on your consent which we will obtain through our cookie preference management tool available on our website.
You may withdraw consent at any time by using the cookie preference tool, or by managing opt-out through your browser or device.
See Section 4 of this Privacy Policy “Cookies and Tracking Technologies” for additional information.

Contact Information and Contact Communications Data:

Type of Personal Data:
In the event you contact us with any inquiries, either through an online form available on the website (i.e., the contact us and support pages, etc.), by sending us an email or by any other means, if you sign up to receive marketing communications, book a demo or sign up to a webinar or an event, etc., you will be requested to provide us with your contact information, which depending on the interaction with us may include your name, telephone number, email address or business email address, your organization, position (“Contact Information”).
Further, we may collect your Contact Information through our third-party aggregators, that provide contact and business information and intelligence for marketing and sales promotions and similar sources.
In addition, when we communicate with you, by email correspondence, phone call or other means, we will further process and store the communications with you, including email correspondence and, where applicable, call and meeting recordings (where subject to applicable laws, we will obtain your consent), and may also process data related to such communications such as interactions with email communications (access time and date), etc. (“Communications Data”).

Purposes of Processing:
Contact Information and Communications Data are used for the following purposes (as applicable to our interactions):
  • To respond to your inquiries or request, including, as applicable, to set up meetings, send you instructions or access to a demo or a webinar you have signed up to, to enable your access, etc.
  • To send you the marketing material, informational content or newsletter you have signed up to receive.
  • To contact you or send you marketing material related to our Services in which you have shown your interest, including promotions, such as free trial, new features, additional offerings, special opportunities etc. (“Direct Marketing”), or otherwise, subject to applicable laws, to contact you and explore potential business opportunities and offer you information regarding our Services that we think will be of interest to you based on your organization position, etc.
  • To promote, improve and enhance our sales and marketing efforts.
  • To have internal records of our communications, in the event we believe it is required, for example, in the event of any actual, potential or threatened claim or dispute, to comply with our obligations under applicable laws or have internal records of such compliance, in order to provide you with any further assistance, etc.

Legal Basis under the GDPR:
Processing Contact Information and Communications Data to respond to your inquiry or request or send information you have voluntarily signed up to receive, is based on your consent.
Processing Contact Information and Communications Data for our unsolicited marketing campaigns, including Direct Marketing, is based on our legitimate interests.
Processing Contact Information and Communications Data to improve our marketing efforts and for internal records keeping, is based on our legitimate interests.
You have the right to withdraw your consent at any time. You may further opt-out from our marketing communications by using the “unsubscribe” or other option we provide within the body of the message.

Customer Account – Admin Account Information:

Type of Personal Data:
In order to use our Services, our Customers will need to initially create an account for their admin (“Admin”) by providing such Admin information to us (through registration or otherwise directly to us to create the account).
For such purpose, Customers will provide us with the Admin’s information such as name, email address, role, and other similar contact information (“Admin Account Data”).

Purposes of Processing:
Admin Account Data is used for the following purposes:
  • To create and designate the account, authenticate and validate access, enable log-in, access and use of the Services.
  • To send Customers needed service, operation or transaction information related to our engagement (e.g., billing and invoicing, technical updates, etc.).
  • For Direct Marketing purposes (as defined above), meaning, as our Customer or its representative, we may send you marketing related communications (by email or other contact details you have provided), materials and content regarding the Services you are currently using or any services we may offer in the future to keep you up to date and promote our Services.

Legal Basis under the GDPR:
Processing Admin Account Data for the purpose of account creation and validation, enabling log-in and for transactional or operational messages is based on contract necessity.
Processing Admin Account Data for Direct Marketing purposes is based on our legitimate interest. You can opt-out at any time using the “unsubscribe” option within the body of the message.
Please note that if you choose to unsubscribe from our Direct Marketing, we will still retain your contact details and send you service-related emails, such as invoices.

Contact Information and Communications with Our Customer Support:

Type of Personal Data:
When our Customer or any of its representatives contact us for customer support, we will collect and retain the records of such representative’s contact information, including, as applicable, name, email address, phone number, organization name, and position, as well as records of our communications which may include email correspondence, chat correspondence, call recording (subject to obtaining consent where required under applicable laws), etc.

Purposes of Processing:
We process the information provided through communications with our customer support for the following purposes:
  • To provide you with the requested service and support needed, including to provide further assistance where requested.
  • To have internal records to evidence the support was provided or in the event we find needed subject to any potential, actual or threatened claim or dispute with us.
  • To improve our Services, analyze our customer support efforts, for quality monitoring, training and compliance purposes.

Legal Basis under the GDPR:
Processing the information provided through communications with our customer support to provide the required support services is based on contract necessity.
Processing the information provided through communications with our customer support for our internal records and service improvement, is based on our legitimate interest.
Call recordings will be processed based on your consent. You have the right to withdraw consent at any time.

Service Usage Data:

Type of Personal Data:
When you use our Services, information regarding such use is automatically generated and collected, which may include the click stream within the Services, the use of the Services (i.e., accessed or used by Customer) and the time spent on those pages or features, crash data and analytics, login data, etc.
These session recordings record how you interact with the Services. We log crashes, interaction with the Services, how often you use the Services, how long you are on the Services, etc.
(Collectively “Usage Data”)

Purposes of Processing:
We process Usage Data for the following purposes:
  • To secure our Services, and detect any potential threats or fraudulent activities, for operation and debugging purposes, and for example, to resolve technical errors.
  • To analyze the use of our Services in order to better provide and improve our Services.
  • To enforce our policies and agreements regarding the use of our Services and to have internal records to evidence the Services provided or used, in the event we find needed subject to any potential, actual or threatened claim or dispute with us, and to comply with applicable laws or security standards.

Legal Basis under the GDPR:
Processing Usage Data is based on our legitimate interest.

Please note that the actual processing operation per each purpose of use and lawful basis detailed in the table above may differ. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. The transfer of Personal Data to third-party countries, as further detailed in Section 10 of this Privacy Policy “Cross-Border Data Transfer”, is based on the same lawful basis as stipulated in the table above.

In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of our Services, and to enforce our terms of use and other policies, as well as to protect the security or integrity of our databases and all systems, and to take precautions against legal liability. Such processing is based on our legitimate interests.

 

(5) HOW WE COLLECT PERSONAL DATA

Depending on the nature of your interaction with Panaya, we may collect Personal Data as follows:

Automatically – we may use cookies (as elaborated below) or similar tracking technologies to gather some information automatically when you interact with our website or Services.

Provided by you voluntarily – we will collect Personal Data if and when you provide us with the information, such as when you contact us, etc.

Provided by third parties – such as third parties data aggregators, referrals, etc.

 

(6) COOKIES AND TRACKING TECHNOLOGIES

We use “cookies” (or similar tracking technologies such as tags and pixels) when you interact with our website. The use of cookies is a standard industry-wide practice. Cookies and similar technologies are small pieces of information, text or code that a website assigns and stores on your computer or browser while you access a website.

Cookies can be used for various purposes, including allowing you to navigate between pages efficiently, for statistical purposes, for operation and security purposes, as well as for advertising purposes.

The information generally collected and stored by cookies includes Online Identifiers and Usage Data (as defined under Section 4 of this Privacy Policy “Data Processed by Panaya, Purpose of Use and Lawful Basis”).

Such cookies and tracking technologies can be either placed by us (known as “first party cookies”), or by third parties such as our marketing partners, social media, analytic providers, etc. (known as “third party cookies”). In addition, the duration of such cookies and tracking technologies – meaning the period until such are deleted – can be either when you close your browser (known as “session cookies”) or longer periods according to their purpose and settings (known as “persistent cookies”).

Where we use third-party advertising cookies, such third-party may independently collect, through the use of such tracking technologies, some or all types of Personal Data detailed above, as well as additional data sets, including to combine such information with other information they have independently collected relating to your online activities across their network of websites, for the purpose of enhanced targeting functionality and delivering personalized ads, as well as providing aggregated analytics related to the performance of our advertising campaign you interacted with. These third parties collect and use this information under their own privacy policies and are responsible for their practices.

You can find more information about cookies here: www.allaboutcookies.org.

Please see our cookie list available HERE, which details the cookies we use on our website. You may change your cookies preference at any time, including, as applicable, withdraw consent or opt-out for the processing of Personal Data through cookies for certain purposes, by using our cookie setting tool available on our website. Note that certain cookies used for strict operation and security purposes are considered as “strictly necessary” and cannot be disabled.

In addition, most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. You may set your browser to block all cookies, including cookies associated with our website, or to indicate when a cookie is being used by us, by adjusting the privacy and security settings of your web browser. Please refer to the support page of your browser to learn more about how you can adjust your privacy and security settings.

Please note that once you choose to opt out or disable cookies, some features of our website may not operate properly, and your online experience may be limited.

 

(7) DISCLOSURE OF PERSONAL DATA

We may disclose your Personal Data to third parties, including our affiliated companies, partners or service providers that help us manage our business operations or provide our Services. You can find in the table below information about the categories of such third-party recipients.

Category of Recipient | Data That Will Be Shared | Purpose of Sharing

Category of Recipient: Trusted Agents and Service Providers
Data That Will Be Shared: All types of Personal Data as needed for the service provided, on a case-by-case basis.
Purpose of Sharing: We employ other companies and individuals to perform functions and services on our behalf. Such third parties may include outsource consultants, communication service providers, storage providers, analytic service providers, marketing and sales assistance, IT service providers or tools used to identify errors and crashes, customer relationship management services, etc. These third-party service providers have access to Personal Data needed to perform their functions, but they are prohibited, through contractual obligations, from using your Personal Data for any purposes other than providing us with requested services.

Category of Recipient: Marketing Partners
Data That Will Be Shared: Online Identifiers and Usage Data.
Purpose of Sharing: We may share Personal Data with marketing partners we engage with or use their tools and services for our digital marketing campaigns, including for targeted online advertising campaigns. These marketing partners may include social media partners or other marketing services whose cookies we place on our website. These marketing partners may combine your Personal Data with other data they collect independently from your visits and interactions on other websites.

Category of Recipient: Affiliated Companies and Corporate Transactions
Data That Will Be Shared: All types of Personal Data as needed, on a case-by-case basis.
Purpose of Sharing: We may share your Personal Data with our affiliated companies including our parent company or subsidiaries, for sales and marketing purposes, providing customer relationship services, etc., or in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation, or asset sale).

Category of Recipient: Enforcement of our Rights, Security and Fraud Prevention & Law Enforcement
Data That Will Be Shared: All types of Personal Data as needed, on a case-by-case basis.
Purpose of Sharing: We may disclose certain Personal Data to law enforcement, governmental agencies, or authorized third parties, in order to comply with applicable laws or in response to a verified request or order. We may further disclose Personal Data to enforce our policies and agreements, as well as defend our rights, including the investigation of potential violations thereof, alleged illegal activity or any other activity that may expose us to legal liability, and solely to the extent required. In addition, we may disclose Personal Data to detect, prevent, or otherwise address fraud, security, or technical issues, solely to the extent required.

For the avoidance of doubt, we may transfer and disclose or otherwise use Non-Personal Data or information which is linked to anonymous random identifiers or information that is aggregated in a non-identifiable way, at our own discretion.

 

(8) YOUR RIGHTS RELATED TO YOUR PERSONAL DATA

We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your Personal Data. Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to your Personal Data, you have the right to control and request certain limitations or rights to be executed.

The principal rights that may apply to your Personal Data (subject to your jurisdiction and additional conditions) may include:

Right to be informed, right to know, and right to a list of specific third parties:
You have the right to be provided with information regarding our Personal Data collection and privacy practices.
You also have the right, at our option, to receive a list of the specific third parties to which we have disclosed either your Personal Data or any Personal Data.
This Privacy Policy also details our Personal Data handling practices.

Access rights, right to inspect your Personal Data:
You have the right to confirm whether we collect Personal Data about you and to know which Personal Data we specifically hold about you, as well as receive a copy of such or access it. If you wish to receive a copy of the Personal Data, please submit the Data Subject Request form available HERE.

Right to correction/rectification:
You have the right to correct inaccuracies in your Personal Data in the event you found it incorrect, outdated, etc. (or otherwise request its deletion), taking into account the nature and purposes of each processing activity. If you wish to exercise this right, please submit the Data Subject Request available HERE.

Right to be forgotten, right to deletion:
You have the right to request the deletion of certain Personal Data we process, if specific conditions are satisfied, for example, if you think we no longer need to use it for the purpose we collected it; in the event that the collection was based on your consent; where we have used it unlawfully; or where we are subject to a legal obligation to delete your Personal Data. Deletion requests will be subject to our rights and obligations under applicable law (for example, our legitimate interests to maintain record keeping, completing transactions, providing a service that you have requested, taking actions reasonably anticipated within the context of our ongoing business relationship with you, detecting security incidents, protecting against illegal activity; debugging; exercising rights provided for by law, etc.).
If you wish to exercise this right, please submit the Data Subject Request form available HERE.
You are not required to create an account with us to submit a deletion request.

Right to portability:
You have the right to obtain the Personal Data in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance. We will select the format in which we provide your copy.
If you wish to exercise this right, please submit the Data Subject Request form available HERE.

Right to withdraw consent. Right to opt out from: (i) “sale” of Personal Data; (ii) Targeted advertising; and (iii) Profiling and automated decision making:
Marketing Communications: You have the right to opt-out from receiving any marketing communication from us or otherwise withdraw consent, by unsubscribing through the message received.
Cookies: You have the right to opt-out or otherwise withdraw consent from processing of Personal Data through our use of cookies, by changing your preferences through the cookie setting tool available on our website.
Sale of Personal Data for targeted advertising, monetary gain or profiling, or Share or Sale of Personal Information for analytic or marketing: If and to the extent applicable, you have the right to opt out of the “sale” or “share” of your Personal Data which includes opting-out of our practice of using cookies for the purposes of targeted advertising, analytic, etc. by clicking on the “Do Not Sell or Share My Personal Information” link on our website or communicating your opt out through opt-out preference signals, like Global Privacy Control (learn more here).
In any event, please keep in mind that opt-out tools are limited to the browser or device you use because they work off your browser ID and device ID and, accordingly, you will need to opt-out on each browser and device you use. Your browser may save some information in its cookies and cache to maintain your privacy preferences. Clearing these may remove opt-out preferences, requiring you to opt-out again.

Right to Object:
You have the right to object to any use of your Personal Data which we have justified by our legitimate interest if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest.

Right to Restrict Processing:
You have the right to ask us to restrict or limit the purpose for which we process your Personal Data, where certain conditions are satisfied (for example, where you contest the accuracy of the Personal Data, for a period enabling us to verify its accuracy).

Right to appeal or lodge a complaint:
If we decline to take action on your request, we will inform you without undue delay as required under applicable laws. The notification will include a justification for declining to take action and instructions on how you may appeal, if applicable. Within the timeframe set under applicable law as of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to your appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the applicable authority.
Where the GDPR applies, you have the right to lodge a complaint with the applicable Data Protection Authority in the EU or the Information Commissioner in the UK.

In the event you are a Customer – note that termination of the engagement or closing your account does not automatically result in deletion of data. If you wish to delete the data, please contact us with such a request.

For California residents – additional information regarding your rights is provided under our CCPA Privacy Notice.

For US residents – additional information regarding certain rights is provided under Section 13B of this Privacy Policy “Jurisdiction Specific Notices”.

 

(9) DATA RETENTION

We retain Personal Data we collect as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws, or until an individual expresses a preference to opt-out or delete its Personal Data.

Other circumstances in which we will retain your Personal Data for longer periods of time include:

  • Where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements;
  • For us to have an accurate record of your dealings with us in the event of any complaints or challenges; or
  • If we reasonably believe there is a prospect of litigation relating to your Personal Data.

Please note that, except as required by applicable law, we may, at our sole discretion, delete or amend information from our systems, without notice to you, once we deem it is no longer necessary for such purposes.

 

(10) SECURITY

At Panaya, security is our highest priority. We design our systems with your security and privacy in mind. We have implemented physical, technical, and administrative security measures that comply with applicable laws and industry standards intended to protect Personal Data from unauthorized access, alteration, disclosure or destruction. These measures include, among others, encryption, security tools such as firewalls, as well as access controls to ensure that only permitted staff members may access your Personal Data on a need-to-know basis.

Note that we cannot be held responsible for unauthorized or unintended access beyond our control, and we make no warranty, express, implied, or otherwise, that we will always be able to prevent such access.

Please contact us at: [email protected], if you become aware of a third party’s attempt to gain unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) in the event that we discover a security incident related to your Personal Data.

(11) CROSS-BORDER DATA TRANSFER

We may store or process your Personal Data in the EU, the United States or in other countries. Thus, any information you provide us may be transferred to and processed in countries other than the country from which you accessed our website or Services. We will take appropriate measures in line with industry standards to ensure that your Personal Data receives an adequate level of data protection upon its transfer. When Personal Data collected from within the EEA is transferred outside this territory, we take necessary steps in order to ensure that sufficient safeguards are provided during the transfer of such Personal Data, pursuant to transfer mechanisms approved by applicable laws, which may include the Standard Contractual Clauses or other approved framework.

 

(12) CHILDREN

Our website and Services are not intended for use by children and we do not knowingly collect or maintain information about anyone under the age of 16. Please contact us at: [email protected], if you have reason to believe that a child has shared any information with us.

 

(13) JURISDICTION-SPECIFIC NOTICES

Information provided below supplements the information contained in this Privacy Policy and applies solely to residents of such states. These additional disclosures are intended to provide you with additional information with regard to our handling of your Personal Data and certain consumer rights.

A.     ADDITIONAL NOTICE TO CALIFORNIA RESIDENTS

This section applies to California residents only, pursuant to the CCPA.

Please see the CCPA Privacy Notice which discloses the categories of Personal Information collected, purpose of processing, source, categories of recipients with whom the Personal Information is shared with for a business purpose, whether the Personal Information is sold or shared, the retention period, and how to exercise your rights as a California resident.

B.    ADDITIONAL NOTICE TO US RESIDENTS

Residents of certain U.S. states (depending on the applicable state law, acting as an individual or in the household context only and not in a commercial or employment context, as a job applicant or as a beneficiary of someone acting in an employment context or as representative of a business), may have additional rights under applicable privacy laws and be entitled to additional disclosures.

“Personal Data” under applicable US privacy laws, generally means any information that is linked or reasonably linkable to an identified or identifiable individual (and usually does not include publicly available information that is lawfully made available from government records, or that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; or information excluded from the scope of the states’ laws). “Sensitive Data” mainly includes data revealing racial or ethnic national origin, religious beliefs, information regarding an individual’s medical history, mental or physical health condition, diagnosis or medical treatment, neural data, status as transgender or non-binary, sex life, sexual orientation, status as a victim of a crime, citizenship or immigration status; genetic or biometric data; Personal Data collected from a known child; and precise geolocation data. We will obtain your consent before collecting Sensitive Data even if it is not used to identify you.

We are required to provide you with a clear and accessible privacy notice that includes the categories of Personal Data processed, including any Sensitive Data, the purpose of processing, the categories of Personal Data shared with third parties, the categories of third parties with whom Personal Data is shared, the categories of Personal Data that is sold or used for targeted advertising, if any, the categories of third parties to whom the Personal Data is sold, if any, a list of your data rights and instructions for exercising those rights and appealing decisions, and our contact information. This information is detailed under this Privacy Policy and further below.

Categories of Personal Data & Categories of Third Parties with Whom Personal Data is Shared:

Under Section 3 of the Privacy Policy “Data Processed by Panaya, Purposes of Use and Lawful Basis”, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without obtaining your consent, unless we are otherwise entitled, required or permitted under applicable laws.

Additionally, under Section 7 of the Privacy Policy “Disclosure of Personal Data” we detail and disclose the categories of third parties we share Personal Data with for a business purpose.

“Sale” of Personal Data:

Under US privacy laws, in principle, the term “sale” refers to disclosing or making available Personal Data to a third party in exchange for monetary or other valuable consideration, including for targeted advertising purposes. We do not “sell” information as this term is commonly understood, meaning – we do not, and will not, disclose your Personal Data in direct exchange for money or some other form of payment. However, subject to the definition of the term “sale” under applicable US privacy laws, our practice of using cookies or other third-party advertising services and sharing Personal Data for such purpose with third-party advertising and marketing providers (e.g., providers of marketing tools and analytic tools, advertising networks, social media networks, media buying, search platforms) is considered a “sale”.

Such practice includes the following Personal Data categories shared with these third parties:

Identifiers – online identifiers such as IP and Cookie ID;

Internet and electronic network activity information – such as your engagement with our website and ads.

Geolocation data – derived from IP (country level).

Consumer Rights Related to Their Personal Data:

Residents of certain U.S. states may have additional rights under applicable privacy laws, subject to certain limitations, which may include:

Access – the right to confirm whether we are processing their Personal Data and to obtain a copy of their Personal Data in a portable and, to the extent technically feasible, readily usable format.

List of Third Parties – the right to receive a list of the specific third parties to which we have disclosed either your Personal Data or any Personal Data.

Delete – the right to request us to delete their Personal Data provided to or obtained by us.

Correct – the right to request us to correct inaccuracies in their Personal Data, taking into account the nature and purposes of the processing of the Personal Data.

Opt-Out – the right to opt out of certain types of processing, including: (i) to opt out of the “sale” of their Personal Data; (ii) to opt out of targeted advertising by us; and (iii) to opt out of any processing of Personal Data for profiling in furtherance of making decisions that produce legal or similarly significant effects. However, as noted above, we do not engage in profiling in furtherance of legal or similarly significant effects.

Appeal – the right to appeal if we decline to take action in response to your exercise of a privacy right.

Non-Discrimination – the right to not be discriminated against for exercising your privacy rights.

Section 8 under this Privacy Policy “Your Rights Related to Your Personal Data” provides additional information regarding your principal rights.

Exercising Consumer Privacy Rights:

You may submit a request to exercise most of your privacy rights under U.S. state privacy laws by submitting a Data Subject Request form as available HERE or contacting us. We will take steps to verify your identity and your request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information to verify your identity, or where necessary to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for denial and how to remedy any deficiencies, where applicable.

Authorized agents may initiate a request on behalf of another individual, provided that such agents will be required to provide proof of their authorization, and we may also require that the individual directly verify his/her identity and the authority of the authorized agent.

We will respond to your request within the timeframe required under applicable law, and we reserve the right to extend the response time subject to applicable law requirements. If we refuse to take action on a request, we will notify you and our notification will include a justification for declining to take action.

Appeal Rights

Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request, by contacting us as instructed in our response. Please send your appeal request with a summary of the request and decision you want to appeal to [email protected].

Not more than 60 days after receipt of an appeal, and always in accordance with the timelines set by the applicable US Privacy Laws, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reason for the decision.

If you are not happy with our response, depending on your jurisdiction, you may have the right to lodge a complaint against us with the relevant State’s Attorney General:
