Privacy policy
Last Revised: 11/6/24
Your privacy is important to us. This Privacy Policy (“Privacy Policy”) describes how ControlTheory, Inc. (“ControlTheory”, “we”, “us”, or “our”) may collect, use, store, disclose, process, and transfer your personal information through your access to or use of ControlTheory products and services, including those at https://www.controltheory.com/ as well as any subdomains, website of ours that links to this Privacy Policy, related websites, and other offerings (collectively, the “Services”). By using the Services or, if required by laws applicable to you, opting into this Privacy Policy, you signify your acceptance of this Privacy Policy. If you do not agree to this Privacy Policy, please do not use the Services. ControlTheory may change this Privacy Policy from time to time by posting changes at https://www.controltheory.com/privacy-policy and may send notification emails regarding such changes. Your continued use of the Services following the posting of such changes will be deemed your acceptance of those changes, unless additional consent is required.
ControlTheory encourages you to read this Privacy Policy in its entirety, but here are a few key points:
This Privacy Policy applies when you access the Services or share information with ControlTheory. ControlTheory may revise this Privacy Policy at any time. More
Information We Collect from You
We collect all information that you provide, information you provide via the Services, your devices (e.g., computers, smartphones, and tablets), telephone and email as well as information we receive from partners and using cookies and other such technologies. More
We process your personal information only with your consent or as needed to provide you the Services. We may also use your personal information to comply with legal obligations, operate our business, protect the vital interests of you, our customers, or the public, or for other legitimate interests of ControlTheory. More
We may share your information with our partners, service providers, contractors, agents, and third-party vendors as they need it to help us provide the Services, for other requests you make of ControlTheory, or in furtherance of our other reasons discussed in this Privacy Policy. We may also share your information to comply with law or for other legitimate interests. More
How We Store and Secure Your Information
We will retain your information as long as necessary for the purposes outlined in this Privacy Policy or for so long as permitted by law, whichever is shorter. ControlTheory takes technological and organizational measures designed to protect your personal information against loss, theft, and unauthorized access, use, disclosure, or modification. More
Accessing and Updating Your Information
You can access, get copies of, request deletion of, change, or correct your personal information, or request changes to our use of your personal information by using the contact information below. More
Additional Privacy Information
ControlTheory’s databases are located in the United States, and you consent to the transfer of your personal information from your location to the United States. The Services are not for use by children under the age of 16 or the lowest age permitted by applicable law, and we do not collect or process the personal information of any children under the age of 16 or the lowest age permitted by applicable law. You may have additional rights under applicable law where you reside. If you have any questions about this Privacy Policy, please contact us via the contact information below. More
European Union, United Kingdom, and Swiss Data Subject Rights
If you are an EU, UK, or Swiss resident, you may have additional rights under applicable privacy laws and regulations. More
Privacy Policy Applicability
This Privacy Policy applies when you use or access the Services or share information with ControlTheory. By accessing or using the Services and/or opting into this Privacy Policy (as applicable in your jurisdiction), you consent to this Privacy Policy. ControlTheory may update this Privacy Policy at any time. If you do not consent to this Privacy Policy for any reason, please do not access or use the Services or share your information with us. Please note that this Privacy Policy applies only to the Services and not to any other third-party website linked to or from it, or any third-party website in which ControlTheory’s content or functionality is embedded. We do not control the privacy policies or practices of others.
Information We Collect from You
In general, we receive and collect all information you provide via the Services, including through website input fields, phone, email (including email campaigns), or other such ways. This includes personal information that can identify or relates to you, including, but not limited to:
Category of Personal Information | Examples of Personal Information We Collect | Categories of Sources from which such Personal Information is Collected | Categories of Third Parties or Services Providers with whom we share such Personal Information |
Profile or Contact Data | Examples may include: First and last nameTelephone number Email address | YouService providers ControlTheory’s affiliated entities, partners, etc.Other independent third-party sources | Data analytics providers Service providers Partners you authorize, access, or authenticate |
Device/IP Data | Examples may include: Device IDDevice modelBrowser typeType of device and operating systemInformation regarding your interaction with the ServicesInformation collected automatically through cookies and similar technology, device type, domain names, and access time/logs | YouService providers ControlTheory’s affiliated entities, partners, etc.Other independent third-party sources | Data analytics providers Service providers Partners you authorize, access, or authenticate |
Web Analytics | Examples may include: Web page interactionsReferring webpage/source through which you accessed the ServicesBrowsing activity, including the addresses of websites that you visitStatistics associated with the interaction between device or browser and the Services | YouService providers ControlTheory’s affiliated entities, partners, etc.Other independent third-party sources | Data analytics providers Service providers Partners you authorize, access, or authenticate |
Professional or Employment-Related Data | Examples may include:EmployerJob title | YouService providers ControlTheory’s affiliated entities, partners, etc.Other independent third-party sources | Data analytics providers Service providers Partners you authorize, access, or authenticate |
Inferences Drawn from Other Personal Data Collected | Examples may include:Profiles reflecting user attributesProfiles reflecting user behavior | YouService providers ControlTheory’s affiliated entities, partners, etc.Other independent third-party sources | Data analytics providers Service providers Partners you authorize, access, or authenticate |
Other Identifying Information that You Voluntarily Decide to Provide | Examples may include:Identifying information in emails, texts, letters, or other communications you send us | YouService providers ControlTheory’s affiliated entities, partners, etc.Other independent third-party sources | Data analytics providers Service providers Partners you authorize, access, or authenticate |
You have the choice regarding what information to share and the Services you want to engage. You can choose not to provide information to us, but in general, some information about you is required in order for you to access certain functionalities of the Services.
We may periodically obtain information about you from partners and other independent third-party sources and will add it to our database of information, including any information that you provide to third parties that are associated or whose products or services are integrated with the Services. For example, we may receive information from your employer in order to activate your account and authenticate you as the intended user.
We may use cookies, device identifiers, and similar tracking technologies, including those from third-party service providers like Google Analytics, Google AdWords, Google Tag Manager, HubSpot, WordPress, and other cloud-based tools, to automatically collect your preferences, performance data, and information about your web usage when you visit the Services. For example, we may collect your device and Internet service provider information, Web browser details and the address of any referring website. We may also collect information about your online activity, such as pages viewed and your interaction with the pages. By collecting and using this information, we may operate and personalize the Services for you. For more information on how we use cookies, please see the “Cookies” section below.
The Services are not designed to recognize or respond to “do not track” signals received from browsers. You can control the information collected by such tracking technologies or be alerted when cookies are sent by adjusting the settings on your Internet browser or devices, but such adjustments may affect or disable certain functionality of the Services. You can learn more about Google Analytics and your options for opting out of interest-based Google ads at https://adssettings.google.com. You can learn more about targeted ads and your ability to opt out of receiving interest-based ads at optout.aboutads.info and www.networkadvertising.org/choices.
Sensitive Information. ControlTheory does not collect any sensitive personal information through our Services. Sensitive personal information, as defined by applicable data protection laws, includes information relating to your race, ethnicity, religious beliefs, moral beliefs, philosophical beliefs, sex life, sexual orientation, gender identity, political opinions, trade union membership, medical information (including mental health), genetic data, biometric data, or financial information (such as account numbers). We also do not collect any information about criminal convictions or offenses.
Cookies
Cookies, also known as tracking cookies or browser cookies, and similar technologies such as web beacons, clear GIFs, pixel tags, and JavaScript (collectively, “Cookies”) are small pieces of data, usually text files, placed on a computer, tablet, phone, or similar device when you use that device to access the Services. We use the following types of Cookies:
- Essential Cookies. Essential Cookies are necessary for providing you with the Services and features that you requested. For example, these Cookies allow you to log into and stay logged into secure areas of the Services, save language preferences, and more. These Cookies are required to make the Services available to you, so they cannot be disabled.
- Functional Cookies. Functional Cookies are utilized to record your choices and settings, maintain your preferences over time, and recognize you when you return to our Services. These Cookies help us personalize our content for you, greet you by name, and remember your preferences. Some examples include your ability to comment on a blog, facilitate web chat services, update user preferences, and more.
- Performance/Analytical Cookies. Performance/Analytical Cookies allow us to understand how visitors (like you) use the Services. These Cookies accomplish this by collecting information about the number of visitors to the Services, what pages visitors view the most, and how long visitors view specific pages. For example, Google LLC (“Google”) uses cookies in connection with its Google Analytics services. Google’s ability to use and share information collected by Google Analytics about your visits to the Services is subject to the Google Analytics Terms of Use and the Google Privacy Policy. You have the option to opt-out of Google’s use of Cookies by visiting the Google advertising opt-out page at http://www.google.com/privacy_ads.html or the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout/.
You have the option to decide through your internet browser’s settings whether or not to accept Cookies. Most browsers allow users to choose whether to turn off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the browser) allow you to toggle whether to accept each new Cookie. You can also clear all Cookies that are already on your device. If you do this, however, you may have to manually adjust some preferences every time you visit the Services, and some functionalities may not work. To explore what Cookie settings are available to you, look in the “settings”, “preferences” or “options” section of your browser’s menu.
To find out more information about Cookies, including information about how to manage and delete Cookies generally, please visit http://www.allaboutcookies.org/.
How We Use Your Information
We process your personal information with your consent or as needed to provide you the Services. We may also use your personal information to comply with legal obligations, operate our business, protect the vital interests of you, our customers, or the public, or for other legitimate interests of ControlTheory as described in this Privacy Policy.
More specifically, we may use your personal information to:
- Optimize and improve the Services. We continually try to improve the Services based on the information and feedback we receive from you and our other users, including by optimizing the content on or functionalities of the Services.
- Personalize the user experience. We may use your information to measure engagement with the Services and to understand how you and our other users interact with and use the Services and other resources we provide.
- To send periodic communications. The communication methods you provide through our contact forms will be used to send information and updates pertaining to the Services. It may also be used to respond to your inquiries or other requests. If you opt into our mailing list, you may receive emails that include ControlTheory news, updates, product offerings and service information, and marketing material. If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email or you may contact us via the contact information below. Please note that if you unsubscribe from promotional emails, you may still receive communications related to your subscription, your purchase, or other necessary functionalities of the Services.
- Carry out other legitimate business interests. We may use the information you provide to carry out other legitimate business purposes, as well as other lawful purposes.
We may use any aggregated information (as described below) for any purpose.
How We Share Your Information
We share your information with our partners, service providers, contractors, agents, and third-party vendors as needed to fulfill Services. Please note that our partners may contact you as necessary to obtain additional information about you, facilitate any use of the Services, or respond to a request you submit.
Third-party vendors who provide products, services or functions on our behalf may include business analytics companies, communications service vendors, and security vendors. We may also authorize third-party vendors to collect information on our behalf, including as necessary to operate features of the Service. Third-party vendors have access to and may collect personal information only as needed to perform their functions, may only use personal information consistent with this Privacy Policy and other appropriate confidentiality and security measures, and are not permitted to share or use the information for any other purpose.
We also may share your information:
- In response to subpoenas, court orders, or other legal process; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases we reserve the right to raise or waive any legal objection or right available to us.
- When we believe it is appropriate to investigate, prevent, or take action regarding illegal or suspected illegal activities; to protect and defend the rights, interests, or safety of our company or the Services, our customers, or others; or in connection other agreements with customers of which you may be affiliated.
- In connection with a corporate transaction, such as a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.
Other than as set out above, we will attempt to notify you when your personal information will be shared with third parties.
Personal Information You Post in Public Areas. When you post a message in a ControlTheory review or customer feedback, the information you post may be accessible to other users of the Services and the public. If you post personal information anywhere on the Services that is accessible to other users or the public, you are advised that such personal information can be read, collected, used, or disseminated by others and could be used to send you unsolicited information or for other purposes. Accordingly, you assume full risk and responsibility for posting such information and agree that ControlTheory is not responsible in any way for personal information you choose to post in these public areas.
Aggregated Information. We may use, publish, share, distribute, or disclose personal information that has been aggregated with information from other users and otherwise anonymized and de-identified in a manner that does not allow third parties, including ControlTheory partners, sponsors, and advisers, to de-identify the data or identify it as originating from you. Such information may help ControlTheory identify and analyze training, demographic, and psychographic trends and information and report to third parties how many people saw, visited, or clicked on certain content, areas of the Services, or other materials. We may also use such data for research purposes and optimizing the Services’ functionality.
How We Store and Secure Your Information
Personal information collected by ControlTheory may be stored and processed in your region, in the United States, and in any other country where ControlTheory or its affiliates, subsidiaries, or service providers operate facilities. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective). However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Policy.
ControlTheory takes technological and organizational measures designed to protect your personal information against loss, theft, and unauthorized access, use, disclosure, or modification. For example:
- we transmit data over secured communication channels using SSL Login credentials;
- all personal information is stored by trusted third party providers (e.g., Amazon Web Services (AWS));
- all systems used to provide the Services are password protected;
- all Services usage is restricted on a per-user basis on the principle of least privilege; and
- all data is encrypted during transfer and while at rest.
We rely on AWS’ security programs to protect personal information while stored in their respective controlled facilities. For more information on AWS’ security practices and processes, please see https://aws.amazon.com/security/.
ControlTheory complies with applicable data protection laws, including applicable security breach notification requirements.
Data Retention
ControlTheory will retain your information as long as necessary for the purposes outlined in this Privacy Policy, in a manner consistent with our data retention policy discussed below, and for a commercially reasonable time thereafter for backup, archival, fraud prevention or detection or audit purposes or as permitted by applicable law. ControlTheory will retain your personal information consistent with the original purpose of collection or as long as necessary to comply with our legal obligations; maintain accurate accounting, financial and other operational records; resolve disputes; and enforce our agreements. We will never retain your information for a period longer than permitted by law.
We determine the appropriate retention period for personal information on the basis of the amount, nature, and sensitivity of the personal information being processed; the potential risk of harm from unauthorized use or disclosure of the personal information; whether we can achieve the purposes of the processing through other means; and applicable legal requirements.
After expiration of the applicable retention periods, your personal information will be deleted.
Accessing and Updating Your Information
To the extent provided by the law of your jurisdiction, you may:
- Have the right to access certain personal information we maintain about you and request details about how we process it;
- Request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes;
- Request that we update or correct inaccuracies regarding your personal information;
- Object to our use of your personal information;
- Ask us to block or delete your personal information from our database;
- Request to download the information you have shared on the Services; and
- Confirm whether ControlTheory stores your data in the United States.
You may make these requests and any other inquiries about this Privacy Policy by emailing support@www.controltheory.com. Any such requests are subject to the protection of other individuals’ rights and applicable law. Additionally, to help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to the requested information.
Additional Privacy Information
Data Transfer. Our databases are currently located in the United States. ControlTheory makes no claim that its Services are appropriate or lawful for use or access outside the United States. If you access the Services from outside the United States, you are consenting to the transfer of your personal information from your location to the United States. You are solely responsible for complying with all local laws, rules and regulations regarding online conduct and access to the Services. By providing us your information, you further consent to its storage within the United States.
Collection of Data from Children. The Services are not directed to children, and you may not use the Services or provide any personal information to ControlTheory if you are under the age of 16 (or the lowest age permitted by applicable law) or if you are not old enough to consent to the processing of your personal information in your country. We do not collect or process personal information of individuals under the age of 16 or the lowest age permitted by applicable law unless we receive all necessary consents from the individual’s parent or guardian.
California Resident Privacy Rights. California Civil Code Section 1798.83 permits our customers who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please e-mail us or contact us through the methods stated above.
European Union, United Kingdom, and Swiss Data Subject Rights
If you are a resident of the European Union (“EU”), United Kingdom (“UK”), Switzerland, Lichtenstein, Norway or Iceland, you may have additional rights under the EU or UK General Data Protection Regulation (the “GDPR”) or the Swiss Federal Act on Data Projection (“FADP”), as applicable, with respect to your Personal Data. The following discusses these rights.
For this section, the GDPR definition of “Personal Data” and “processing” are used. Generally, “Personal Data” means information that can be used to individually identify a person, and “processing” relates to actions that can be performed in connection with collecting, using, storing, and disclosing such data. ControlTheory is the controller of your Personal Data processed in connection with the Services.
If a conflict exists between this section and any other provision of this Privacy Policy, the more protective policy or portion shall govern to resolve such conflict. If you have any questions about this section or whether any of the following applies to you, please contact us at support@www.controltheory.com.
We may also process Personal Data of our customers’ end users in connection with our provision of services to our customers. In this case, we are the processor of Personal Data. If you have any questions regarding Personal Data when ControlTheory is the data processor, please contact the controller party in the first instance to address your rights with respect to such data.
Personal Data We Collect. The “Information We Collect from You” section above details the Personal Data that we collect from you.
Personal Data Use and Processing Grounds. The “How We Use Your Information” section above explains how we use your Personal Data. We will only process your Personal Data as explained in this Privacy Policy and if we have a lawful basis for doing so. The lawful bases include receiving your consent, having a contractual necessity, and furthering our legitimate interests or the legitimate interest of others. The following sections describe these in greater detail.
Consent
We process Personal Data based on the consent you expressly grant to us at the time we collect the data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection.
Contractual Necessity
We may process the Personal Data as a matter of “contractual necessity”. This means that we need to process the data to perform under our agreement with you and enable us to provide you with the Services. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Services.
Legitimate Interest
We process the following categories of Personal Data when we believe it furthers the legitimate interest of us or third parties providing products or services in connection with the Services:
- Profile or Contact Data
- Device/IP Data
- Web Analytics
- Professional or Employment-Related Data
- Inferences Drawn from Other Personal Data Collected
- Other Identifying Information that You Choose to Provide
We may also de-identify and anonymize Personal Data to further our legitimate interests.
Examples of these legitimate interests include (as described in more detail above in the “How We Use Your Information” section):
- Providing, customizing, and improving the Services.
- Marketing the Services.
- Corresponding with you.
- Meeting legal requirements and enforcing legal terms.
- Completing corporate transactions.
Other Processing Grounds
Occasionally, we may also need to process Personal Data to comply with legal obligations, to protect the vital interests of you or other data subjects, or to carry out a task necessary for the public’s interest.
Sharing Personal Data. The “How We Share Your Information” section above details how we share your Personal Data with third parties.
EU, UK and Swiss Data Subject Rights
EU, UK and Swiss data subjects have certain rights with respect to Personal Data. This is further set forth below. For more information about these rights or to submit a request, please email us at support@www.controltheory.com. Please note that in some circumstances, ControlTheory may be unable to fully comply with your request, including if the request is frivolous, extremely impractical, jeopardizes other’s rights, or not required by law. In those circumstances, we will still notify you of such a decision. Generally, we may also need you to provide us additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request. Your rights include:
- Access: You can request information related to the Personal Data we store about you and request a copy of such Personal Data.
- Rectification: If you believe that any Personal Data, we store about you is incorrect or incomplete, you can request we supplement or correct such Personal Data.
- Erasure: You can request we erase part or all of your Personal Data from our systems.
- Withdrawal of Consent: If we are processing your Personal Data based upon your consent (as indicated at the time of collection of such data), you have the right to withdraw consent at any time. However, please note that if you change or withdraw consent, you may have to then provide express consent on a case-by-case basis if use or disclosure is necessary to enable you to use the Services.
- Portability: You can request for a copy of your Personal Data in a machine-readable format. You can also request we transmit the Personal Data to another controller to the extent such transmission is technically feasible.
- Objection: You can contact us to object to our further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes, by contacting us as described above.
- Restriction of Processing: You can request ControlTheory restrict further processing your Personal Data.
- Right to File Complaint: You have the right to submit a complaint about ControlTheory’s practices with respect to your Personal Data to the supervisory authority of your country or EU Member State. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.
Transfers of Personal Data. The “Data Transfer” information in the “Additional Privacy Information” section above details how and where we transfer your data. Most significantly, our databases are currently located in the United States, and you are consenting to ControlTheory transferring your Personal Data to the United States.