Privacy Policy

Updated:

Berkman Solutions, together with its affiliates and Berkman LLC (“Berkman,” “we,” “us,” or “our”), is committed to respecting your privacy and protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our websites and subdomains (“Site”) or use our application services (“Services”).

We are not in the business of selling or renting individuals’ personal data to other companies.

Key Terms

  • Berkman: Refers to Berkman and its affiliates.
  • Site: Websites and subdomains maintained by Berkman.
  • Services: Application services provided by Berkman.
  • Clients: Legal entities or individuals who contract with Berkman to provide one or more Services.
  • Users: Individuals given access to one or more Services by Clients.
  • Recipients: Individuals whose information is added by Clients and Users during the use of the Services.
  • Visitors: Individuals who view, access, or use our Site.

Application of Privacy Policy

This Privacy Policy applies to our Clients, Users, and Visitors. It does not apply to Recipients. Our Clients and Users are responsible for the use of Recipients’ information, including their name, email, and other identifiable information. Clients and Users must comply with all applicable laws before adding a Recipient to our Services.

Berkman acts as a data processor in providing the Services to Clients and Users, who are considered data controllers under applicable data protection laws.

Personal Information We Collect

Visitors

We collect information that your browser sends when you visit our Site, including:

  • IP address
  • Browser type and version
  • Referrer page
  • Domain name
  • Access time and date
  • Entry and exit pages
  • Operating system type
  • Search engine keywords used

If you submit a request for more information, we collect the information you provide, such as your name and email address.

Clients and Users

We collect personal data when you:

  • Register for an account with one or more of our Services,
  • Fill out forms requesting information or support, and
  • Subscribe to our communications.

The personal data we collect may include:

  • Name
  • Email address
  • Employer or company
  • Billing information for paid services (we do not retain credit card information)

Recipients

Clients and Users may use our Services to store and process information about Recipients. Clients and Users are solely responsible for ensuring that they have the legal basis to collect and process Recipients’ personal data in compliance with applicable laws, including the General Data Protection Regulation (“GDPR”).

How We Collect Information

Cookies and Similar Technologies

We use cookies and similar tracking technologies to:

  • Enhance your experience on our Site and Services
  • Support authentication and personalization
  • Understand how Visitors and Users interact with our Site and Services
  • Improve our Site and Services

Our cookies collect anonymous data and do not identify you personally. You can control cookies through your browser settings. Please note that disabling cookies may affect the functionality of our Site and Services.

We use third-party services to collect and analyze information about the use of our Site and Services.

Forms and Communications

We collect information that you provide voluntarily through forms on our Site or Services, designed to collect the minimum data necessary to fulfill your requests.

Children’s Privacy

Our Site and Services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information.

How We Use Personal Information

We process your personal data for the following purposes:

  • Provide Services: To perform our contractual obligations and provide you with our Services.
  • Communicate with You: To send you administrative information, updates, and announcements related to our Services.
  • Marketing: To send you marketing communications about our Services that may be of interest to you. You can opt out of receiving these communications at any time.
  • Customize Services: To personalize your experience and deliver content relevant to your interests.
  • Improve Our Services: To analyze data to understand how our Services are used and to enhance them.
  • Security: To protect the integrity and security of our Site and Services.
  • Legal Compliance: To comply with legal obligations and respond to legal processes.

We process your personal data based on the following legal grounds:

  • Consent: Where you have given consent for specific purposes.
  • Contract: Where processing is necessary for the performance of a contract to which you are a party.
  • Legal Obligations: To comply with legal requirements.
  • Legitimate Interests: For our legitimate interests in improving and securing our Services, provided that such interests are not overridden by your rights and interests.

How We Share Information

We do not sell, rent, or trade your personal data to third parties for marketing purposes. We may share your information in the following circumstances:

  • Service Providers: With third-party vendors and service providers who perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, and customer service. These parties are contractually obligated to protect your information and use it only for the services they provide to us. A list of our third-party processors is available in our Data Processing Agreement (DPA).

  • Legal Requirements: When required by law, court order, or other legal processes.

  • Protect Rights: To protect and defend our rights, property, or safety, and that of our Clients, Users, or others.

  • Business Transfers: In connection with a merger, sale, or transfer of assets, we may transfer your information to the involved parties.

  • With Your Consent: When you have expressly consented to the sharing of your information.

International Data Transfers

Your personal data may be transferred to and processed in countries outside of the European Economic Area (“EEA”), including the United States, where data protection laws may differ from those in your jurisdiction.

When we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place to protect your data, such as:

  • Standard Contractual Clauses: We use standard data protection clauses approved by the European Commission.
  • Data Processing Agreements: We have Data Processing Agreements with Clients that cover transfers.

Your Rights and Choices

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access: To obtain confirmation as to whether your personal data is being processed and access to your personal data.
  • Right to Rectification: To request correction of inaccurate personal data.
  • Right to Erasure: To request the deletion of your personal data under certain conditions.
  • Right to Restrict Processing: To request the restriction of processing your personal data under certain conditions.
  • Right to Data Portability: To receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
  • Right to Object: To object to the processing of your personal data under certain conditions.
  • Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw consent at any time by contacting us at our data protection office email address below.
  • Right to Lodge a Complaint: To lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates applicable laws.

Please note that we do not engage in automated decision-making, including profiling, that produces legal effects concerning you.

To exercise these rights, please contact us at our data protection office email address below. We will respond to your request within one month.

Marketing Communications

You can opt out of receiving marketing communications from us by following the unsubscribe instructions in our emails or by contacting us at our data protection office email address below.

Account Deactivation

To deactivate your account, please email us at [email protected] with your name, your organization’s name, and “Account Deactivation” in the subject line.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: All communications between your account and our servers are encrypted using industry-standard Secure Socket Layers (SSL) protocol.
  • Access Controls: Access to personal data is restricted to authorized personnel who require it for their job functions.
  • Firewalls and Monitoring: We use firewalls and monitoring tools to prevent unauthorized access.

Our detailed security practices are available at Security and Access.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

Data Breach Notification

In the unlikely event of a data breach that affects your personal data, we will notify the primary contact of our Client without undue delay, in accordance with applicable laws and regulations.

Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

  • Service Termination: Personal data is deleted within three months of service termination, unless the Client or User deletes data sooner.

Factors influencing retention periods include:

  • Legal Obligations: Compliance with legal and regulatory requirements.
  • Dispute Resolution: To resolve disputes or enforce agreements.
  • Business Needs: To maintain business records for analysis and/or audit purposes.

Upon expiration of the applicable retention period, we will securely delete or anonymize your personal data.

Our Site and Services may contain links to third-party websites. We are not responsible for the privacy practices or content of such websites. We encourage you to review the privacy policies of any third-party sites you visit.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated “Last updated” date at the top of this page. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Contact Us

If you have any questions or concerns about this Privacy Policy or our practices, please contact us at:

Email: [email protected]

For data protection inquiries, please contact our Data Processing Office at:

Email: [email protected]

Postal Address:

Berkman Solutions PO Box 1701 Beaverton, OR 97075 USA

Supervisory Authority

If you believe that our processing of your personal data violates applicable data protection laws, you have the right to lodge a complaint with a supervisory authority in your country of residence within the European Union.