Privacy Policy
Introduction
Pivotree Inc. and its subsidiaries (“Pivotree”, “our”, “we” or “us”) value our employees, customers, vendors and contractors (“you”, “your”, “yours”) privacy. Our goal is to treat your information with the utmost respect, and in accordance with this privacy statement. Please read on for details about our practices for collecting, using, handling and securing your information, and for information about your rights with respect to your information.
What information is covered?
In this privacy statement, “personal information” means any information relating to an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier. Personal information also refers to one or more factors specific to the physical, physiological, genetic, economic, cultural or social identity of an individual and includes any additional information that you may provide to us or we become aware of as a part of your employment or ongoing engagement with us.
The types of information you may be asked to provide to us include:
- Contact information (such as name, postal address, email address, mobile or other phone number)
- Age and date of birth
- Gender
- Payment information (e.g. payment details and bank information)
- Account information
- Product preferences and feedback
- Location information
- Content you provide (such as photographs, videos, reviews, articles, survey responses and comments)
- Device information provided to us through the type of device you use when you visit our Website and social media pages which may also include your unique device identifier, IP address, type of device or mobile operating system
- Information provided to us through social media networks when you visit our social media pages (such as your name, profile picture, likes, location, friend list and other information made publicly available by you on the social media network)
Your rights regarding your personal information
You have the following rights in relation to your personal information:
- To request access to your personal information held by us;
- To have any incomplete or inaccurate personal information corrected;
- To request the restriction, objection, or deletion of your personal information (under specific circumstances and in compliance with applicable laws);
- To receive a structured, commonly used, and machine-readable copy of the personal information that you provided to us (under specific circumstances and in compliance with applicable laws);
- If you have voluntarily provided your personal information or given consent for its use, the right to withdraw your consent;
- To opt out of receiving marketing communications at any time;
- To lodge a complaint with a data protection authority.
If you wish to exercise any of your rights, please speak to your point of contact within our organization, or email [email protected].
Complaints
If you have any concerns regarding an alleged violation by us of any privacy law or regulation, you can reach out the person you usually deal with within our organization or contact [email protected]. We will investigate your complaint and provide you with details about its handling.
Additionally, you can file a complaint with the data protection authority in your country of residence or location, or pursue the matter through a court of competent jurisdiction as outlined in any applicable agreement with us.
Questions
If you have any questions regarding the processing of your personal information or wish to contact the data protection officer, please contact us at [email protected]. Once you contact us at the email address above, we will respond to your request or direct your query to the appropriate person or team within our organization.
Purposes for which we process personal information
We process personal information for a variety of purposes, as further detailed below. We collect this personal information directly from you, for example, if you visit pivotree.com (our “site”), if you submit your contact details to receive marketing communications from us, if you submit event-related data to attend our events, or submit a job application via our careers website or through a recruiting partner. We also process your personal information in the context of providing services to your employer or service provider, and obtain your personal information via publicly available sources, such as LinkedIn. This privacy statement is intended to cover all the abovementioned scenarios.
(a) Visitors to pivotree.com
Legal basis for processing. Our legal basis for processing your personal information as a site visitor lies in our legitimate interests in effectively delivering information, products and services to you, improving our website and user experience, as well as through your providing explicit consent.
We process your personal information as a visitor to our site for several reasons, including site administration and management, customization of your browsing experience, analysis of visitor data, identification of your company or organization, development of our business and services, provision of marketing communications, benchmarking and data analysis, understanding visitor usage patterns on our site and enforcement of terms of use.
When you visit our site, we collect different types of information about you as further detailed below.
Information that you provide voluntarily.
We collect personal information that you voluntarily provide through our site. This includes information you share when you fill out online forms to get in touch with us, sign up for our newsletters, register for events, or when you take part in surveys. The information we collect may include your name, job title, education, company or organization details, contact information (like your email and phone number), demographic information (such as industry and location), and any other relevant information you choose to share with us.
We don’t intend to process special category data and we don’t intentionally collect special category data unless you provide it to us but we discourage you to provide anything that can be considered special category data. Special categories of personal information (special category data) is information from which we can determine or infer an individual’s biometric data, genetic data, membership of a trade union, physical or mental health or condition, political opinions, racial or ethnic origin, religious or philosophical beliefs, sex life or sexual orientation and personal information relating to criminal convictions and offenses. We do not want, nor will we ever ask you for such data on our site. We have open text boxes on our site where you can enter any information, but we don’t want you to share any special category data with us. If you do choose to provide us with special category data, you are consenting to its collecting and processing by us.
If you register on our site, we’ll store your personal information in our CRM system. We’ll delete your information if there’s no activity or engagement with us for 12 months, or as otherwise required by law. However, if you’ve opted out of receiving our publications, we’ll keep your basic contact details on our opt-out list.
Information that we collect automatically.
When you visit our site, certain personal information is automatically collected from your device. This information includes your IP address, device type, browser, operating system, and a rough estimate of your location. We also monitor your interactions with our site, including the pages you view, the links you click, and the duration of your visits. This information aids us in gaining insights into our site’s visitors, where they are located, and their areas of interest, thereby facilitating enhancements to our site to make it more tailored to you. The collection of this data is facilitated through the use of cookies and similar technologies (for more information, please refer to our Cookies Policy). However, if you have activated the “Do Not Track” feature in your browser settings, as a default practice, we will not employ targeted advertising cookies.
To analyze this data and generate reports about user activity on our site, we rely on Google Analytics and Hubspot. Google Analytics and Hubspot processes personal information such as IP addresses, user IDs, email addresses and names. This assists us in comprehending how individuals navigate our site, monitoring overall site traffic, making informed decisions, and verifying user identities. We are responsible for managing this information, while Google Analytics and Hubspot hosts it. You can obtain further information about Google Analytics and Hubspot‘s privacy practices and exercise control over their tracking activities on their official website.
(b) Clients
Legal basis for processing. We process personal information of our clients: (i) for the fulfillment of contractual obligations; (ii) to comply with our legal and regulatory obligations; (iii) for our legitimate interest in delivering uninterrupted, consistent, and high-quality services, as well as ensuring timely payment of associated fees, and costs; (iv) for our legitimate interest in identifying and addressing any conflicts of interest; and/or (v) for our legitimate interest in protecting our organization from inadvertently engaging in transactions involving the proceeds of criminal actions or assisting in any unlawful or fraudulent activities.
We process your personal information as a client for various reasons, including providing services to you, managing our relationship, upholding contractual agreements, conducting marketing and business development activities, and for historical and statistical purposes. We also use this information to comply with our legal and regulatory obligations, as well as to establish, exercise, or defend legal rights.
When you engage our services, we collect and utilize personal information when we have a legitimate business reason to do so, in connection with those services. We also process personal information of individuals who may not be our direct clients, such as our clients’ employees, customers and suppliers. For more details, please see the section titled “Individuals whose personal information we obtain in connection with providing services to our clients”.
The majority of the personal information we collect and use to provide our services is either provided voluntarily by our clients, or collected by us from third-party sources at the request or instruction of our clients. As a result, if you are a client of ours, it is typically evident to you what personal information we collect and use. This information may include basic information (e.g. your name, the organization you are associated with, your role, and your connection to another individual), your contact details (e.g. mailing address, email address, and phone numbers), financial information (e.g. payment-related information), and any additional personal information related to you or other third parties that you provide to us in the context of receiving our services.
(c) Individuals whose personal information we obtain in connection with providing services to our clients
Legal basis for processing. We process personal information of individuals whose personal information we obtain in connection with providing services to our clients to comply with; (i) our contractual obligations; (ii) our legal and regulatory obligations; and/or (iii) for our legitimate interest in delivering uninterrupted, consistent, and high-quality services to our clients.
We process personal information of individuals whose personal information we obtain in connection with providing services to our clients for various reasons, including fulfilling our contractual obligations, complying with legal and regulatory requirements, and maintaining client relationships.
As part of the performance of services to our clients, we process personal information of individuals with whom we do not have a direct (contractual or other) relationship. For instance, when delivering data management services, our team may need to access and manage information related to client employees, suppliers and customers, as well as other relevant information for the purpose of providing accurate and high-quality master data for our client. We seek confirmation from our clients that they have the authority to share personal information with us in connection with our services and that any personal information they provide to us has been processed in compliance with applicable law.
As a result of the diversity of our services, we process many categories of information including personal details (such as name, age, date of birth, gender, marital status and country of residence), contact details (such as phone numbers, email address, postal address and customer ID), financial details (such as transaction history, purchasing behaviour and payment-related information) and employment details (such as role and rank).
(d) Contacts in our customer relationship management (CRM) systems
Legal basis for processing. Our legal basis for processing personal information about contacts in our CRM system lies in our legitimate interests in managing the relationship with our business contacts and providing information about our organization, our services and events we organize, as well as your explicit consent.
We process personal information about contacts in our CRM systems. These contacts include former, current, and prospective clients, as well as individuals associated with these clients and other business connections such as consultants and partners within our CRM systems. If you have opted out of receiving future communications from us, your basic contact details may remain on our opt-out list.
The categories of personal information processed within our CRM systems include personal and contact details (such as names, job titles, addresses, email addresses, phone and numbers), affiliation with the respective employer or organization, marketing preferences and user choices (such as consent to receive marketing communications), interaction data (such as invitation responses, reading activities, and event attendance confirmations facilitated through cookies and similar technologies to personalize our communications).
We don’t intentionally collect special category data, unless you provide it to us. For example, if you disclose special dietary requirements that may reveal religious affiliations or food allergies when attending our events.
(e) Individuals who correspond with us via email
Legal basis for processing. Our legal basis for processing the personal information of individuals who correspond with us via email lies in our legitimate interest in protecting our IT infrastructure against unauthorized access or data leakage and our legitimate interest in analyzing email traffic.
If you correspond via email with us, your emails will be scanned by the tools we operate to maintain the security of our IT infrastructure. This may result in the information you send being read by persons other than the intended recipient.
(f) Job applicants
Legal basis for processing. Our legal basis for processing personal information from and about candidates lies in our legitimate interest in attracting, identifying and sourcing talent; processing and managing applications for roles within our organization (e.g. screening andd selecting candidates); hiring and onboarding candidates by making an offer to successful candidates and by carrying out pre-employment screening checks; managing our career website (including conducting statistical analyses); complying with a legal or regulatory obligations; and the explicit consent of the candidate.
We collect personal information about and from you, as a job applicant, in the context of available employment opportunities within our organization. We collect some of this information directly from you, such as the information you provide when submitting an application on our website. Other sources of candidate information include recruitment agencies, references (which may include feedback from former employees and employers), background screening checks and public online sources, including professional profiles available online (such as LinkedIn).
The personal information collected and how we use it varies depending on the country in which you apply. In general, the information we collect from applicants includes basic contact information, resumes, identification documents, educational records, employment history, and references. We use your personal information to assess how your qualifications, experience, and education align with our employment opportunities. Your information is shared with the relevant hiring manager, as well as with other individuals participating in the hiring process, to determine whether we wish to invite you to an interview. Should you progress to the interview or equivalent stage, we will gather additional information, such as interview notes, assessments, feedback, and offer particulars.
We also collect special category data from candidates when required by employment laws. This data would be related to your prospective work environment with us or to the potential provision of employment benefits. Where it is lawful to do so and only with your explicit consent, we may also collect information related to disabilities for the purpose of workforce diversity analysis. This information may also be used during onboarding to ensure you are provided with a suitable work environment. Additionally, we may need to conduct criminal background checks candidates to assess employment eligibility. In certain countries, we ask candidates to voluntarily provide diversity information about their race, ethnicity, and sexual orientation for workforce diversity purposes. However, if a candidate chooses not to provide this information, we may be required by law to make our own evaluation of these criteria.
(g) Suppliers
Legal basis for processing. We process the personal information of our suppliers (including subcontractors, and individuals associated with our suppliers and contractors) for the fulfillment of our contractual obligations, to comply with our legal and regulatory obligations, for our legitimate interest in managing payments and collecting amounts owed to us, for our legitimate interest in protecting our organization from inadvertently engaging in transactions involving the proceeds of criminal actions or assisting in any unlawful or fraudulent activities.
Generally, the personal information we process about our suppliers is limited to payment information and contact information (such as names, employer name, phone numbers, and email addresses). Prior to engaging a new supplier, we also use supplier personal information to conduct background checks required by law or regulation, such as screening for corruption, bribery and fraud.
Retention
We retain personal information only for as long as it is required for the purposes described in the section “Purposes for which we process personal information.” In order to meet our legal requirements, to establish, exercise or defend our legal rights, and for archiving purposes, we need to retain information for significant periods of time.
Keeping your personal information current
We maintain the accuracy and completeness of the personal information we hold about you. Please inform us of any changes to your contact information or other personal information by contacting the person you usually speak with within our organization.
Security
We protect the confidentiality and security of the information we obtains in the course of our business. We limit access to such information, and have implemented policies and procedures to safeguard the information from loss, misuse and improper disclosure.
Transfers of personal information
We respect international laws and regulations including the EU General Data Protection Regulation 2016/679 (GDPR) and our privacy practices are aligned with their requirements. If you are located in the European Union (EU), the European Economic Area (EEA) or Switzerland, we will comply with applicable legal requirements providing adequate protection for the transfer of personal information to recipients in countries outside of the EEA.
External support providers
We transfer or disclose the personal information we collect to external support providers (and their subsidiaries and affiliates) who we engage to support our internal processes. Our policy is to only use support providers that are bound to maintain appropriate levels of data protection, security and confidentiality.
Changes to this privacy statement
We reserve the right to modify or supplement this privacy statement at any time. If we make any material change, we will notify you by posting notice of the changes on the website. Please check this page from time to time to inform yourself of any changes in this privacy statement.