Privacy Notice

“Personal Data” means data that can be used to identify an individual. Personal Data we may collect includes:

• Name;
• Email address;
• Phone number;
• Address;
• Address;
• Company, Job title/Role;
• Photographs;
• Testimonials;
• Publicly available information such as social media posts;
• Information on your interaction with our website, such as your site navigation, pages clicked or viewed, and date and time of activities.

Like many websites, we collect certain information automatically and store it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information.

Oversight does not require and we request that you do not send us any sensitive Personal Data such as social security or national identification numbers, information related to racial or ethnic origin, political opinions, religious beliefs, health data, biometrics or genetic information, criminal background or trade union membership information.

The information that we process relating to you is used for

• Marketing and sales;
• Improving the content and performance of our website;
• Providing you with a more personal overall experience;
• Communications with you;
• Delivering functionality on our sites and for their technical and functional management;
• Managing the security of our sites, networks and systems;
• Complying with applicable laws and regulations and to operate our business;

Oversight is relying on the following lawful grounds to collect and process personal data:

• We have a legitimate interest in communicating with you and responding to your requests.
• In order to engage in transactions with clients, we need to process Personal data necessary to enter into or perform a contract with you.
• Based on your consent, we process Personal Data for marketing and sales activities where so indicated on our sites at the time your personal information was collected, and then based on our legitimate interest to market and promote our services.
• In order to analyze, develop, improve and optimize our website and services, and to maintain the security of our website, networks and systems we rely on legitimate interest.
• In order to comply with applicable laws and regulations, such as to comply with a subpoena or other legal process, or to process an opt-out request.

Oversight does not sell or lease your Personal Data. We will share or disclose your information in the following ways:

• With third party service providers, agents, or contractors. We use other companies, agents or contractors ("Service Providers") to perform services on our behalf or to assist us with providing services to you. For example, we may engage Service Providers to provide services such as marketing, advertising, communications, and to analyze and enhance data (including data about users' interactions with our service). These Service Providers may have access to your personal data in order to provide these functions. In addition, some of the information we request may be collected by third party providers on our behalf. Service Providers are under confidentiality agreements and we do not authorize them to use or disclose your personal information except in connection with providing their services.
• Analytics. Specifically, for analytics providers, we use Google Analytics. Google Analytics which is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
• Advertising. We may use the third-party Service Providers below to show advertisements, which may include targeted advertisements on a third-party site after you have visited our website. We and the third-party service providers use cookies to inform, optimize, measure performance serve ads based on your previous visits to our site. Any tracking that a third party performs is subject to their own privacy notice.

• • Doubleclick
  • Facebook
  • Google
  • Hubspot
  • LinkedIn
  • ClearOut
  • Wistia
  • YouTube
  • 6sense
  • TechTarget
  • HotJar

• Complying with legal process or to protect Oversight. If we believe that disclosure is reasonably necessary to comply with a law, regulation, legal or governmental request (please see our Governmental and Law Enforcement Access Request Policy below); to enforce applicable terms of use, including investigation of potential violations thereof; to protect the safety, rights, or property of the public, any person, or Oversight as required by law; or to detect, prevent, or otherwise address, security or technical issues or illegal or suspected illegal activities (including fraud).
• Business Transfers. We may engage in a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding that involves the transfer of the information described in this Notice. In such transitions, customer information is typically one of the business assets that is transferred or acquired by a third party. In the unlikely event that we or substantially all of our assets are acquired or enter a court proceeding, you acknowledge that such transfers may occur and that your personal information can continue to be used as set forth in this Notice.

Choice

• E-mail. If you do not wish to receive e-mails from us, you may update your settings or opt out at any time. If you opt out of a marketing e-mail, we may still send you transactional and administrative emails about this privacy notice or about the products or services you have purchased.
• Cookies. Your browser’s help function should contain instructions on how to set your computer to accept all cookies, to notify you when a cookie is issued, or to not receive cookies at any time.
• Advertising. You can opt out of online targeted advertising by opting out within the advertisement itself or by visiting Digital Advertising Alliance, the Digital Advertising Alliance of Canada or the European Interactive Digital Advertising Alliance.

Individual Rights. You may have certain rights under applicable data protection laws such as the EU General Data Protection Regulation (GDPR) or the California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA):

• The right to know what Personal Data is being collected about you.
• The right to access and receive a copy of your Personal Data.
• The right to rectify inaccurate Personal Data.
• The right to request the deletion of your Personal Data.
• The right to object to the processing of your Personal Data.
• The right to request restriction to the processing of your Personal Data.
• If you feel that our processing of your personal data infringes on data protection laws, you may have a legal right to lodge a complaint with a supervisory authority responsible for data protection.

Please note, 1) we will need to verify your identity before being able to respond to requests and 2) in some cases, we may not be able to fulfill a request, in which case we will let you know if we are unable to do so and why.

To exercise a right you might have under data protection law, please contact us at privacy@oversight.com or by calling +1 866.876.5578 and selecting option 9.

We have further appointed IT Governance Europe Limited to act as our EU Representative and GRCI Law Limited to act as our UK Representative. If you wish to exercise your rights under the EU General Data Protection Regulation (EU GDPR), or have any queries in relation to your rights or general privacy matters, please email our Representative at eurep@itgovernance.eu or post your request or query to: EU Representative, IT Governance Europe, The Mill Enterprise Hub, Stagreenan, Drogheda, Co. Louth, A92 CD3D, Ireland. If you wish to exercise your rights under the UK General Data Protection Regulation (GDPR) or have any queries in relation to your rights or privacy matters generally please email our Representative at ukrep@grcilaw.com or post your request to GRCI Law Limited, Unit 3, Clive Court, Bartholomew's Walk, Cambridgeshire Business Park, Ely, Cambridgeshire, CB7 4EA. Please ensure to include our company name in any correspondence you send to our Representatives.

Oversight has implemented appropriate physical, technical, and organizational measures and safeguards with respect to Personal Data designed to protect against accidental or unlawful destruction or accidental loss, alteration, and unauthorized disclosures or access.

Your Personal Data is stored by Oversight on its servers, and on the servers of the cloud-based database management services Oversight engages, located in the United States. Oversight will retain your Personal Data only for as long as is necessary for the purposes set out in this Notice.

Oversight and our Service Providers use cookies, web beacons and other data technologies to receive and store certain types of information when you interact with us through your computer or mobile device. Using these technologies helps us recognize you, customize your experience and make relevant marketing messages. Many browsers default to accepting cookies. You may be able to change this setting in your browser and you can also clear your cookies. In doing so please be advised you may lose some or all functionality of our website. Check your browser’s help function to learn more about your cookie setting options. If you have any questions about cookies you can go to www.youronlinechoices.com/uk or http://www.allaboutcookies.org/.

Please note at this time, we do not recognize automated browser signals regarding tracking mechanisms, which may include "do not track" instructions as there is no consistent industry standard for compliance.

Our site is not directed at children. If you learn that your minor child has provided us with their personal data, please contact us.

We welcome any queries, comments or requests you may have regarding this Notice. You may contact us at:

privacy@oversight.com

+1 866.876.5578 and selecting option 9

Oversight Systems, Inc.
Attn: Chris Hamilton
360 Interstate North Pkwy, Suite 300
Atlanta, GA 30339

Oversight complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Oversight has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  Oversight has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regards to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov.

Oversight is responsible for the processing of personal data it receives under the DPF and subsequently transfers to a third party acting as an agent on its behalf.  Oversight complies with the DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.

The Federal Trade Commission has jurisdiction over Oversight’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.  In certain situations, Oversight may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements as described in the Governmental and Law Enforcement Access Request Policy section below.

If we cannot resolve a compliant through our internal processes, we commit to cooperate and comply with the advice of the panel applicable to the complainant established by the EU Data Protection Authorities (“EU DPAs”), the UK Information Commissioner’s Office (“ICO”), and the Swiss Federal Data Protection and Information Commission (“FDPIC”) with respect to all Personal Data. 

If we are unable to resolve a complaint through the independent dispute resolution panel appliable to you, you may be able to invoke binding arbitration for some residual claims not otherwise resolved by other recourse mechanisms. This binding arbitration mechanism is administered by the International Centre for Dispute Resolution -American Arbitration Association (ICDR-AAA). For more information about binding arbitration, please visit the Data Privacy Framework's Annex regarding Arbitration. 

Oversight will:

1. Only disclose data when legally compelled to do so through:
• a valid subpoena, court order or search warrant issued under the procedures described in the Federal Rules of Criminal Procedure or other applicable procedures; or
• a valid state or local warrant or document production request; or
• a Mutual Legal Assistance Treaty (MLAT) or similar legal processes from international law enforcement and governmental agencies.
2. Review all client data disclosure orders and contest the request if we believe a request is invalid under applicable law.
3. Limit client data disclosure to only what is legally required. Oversight requires access requests to be narrowly targeted and only seek information about specific clients.
4. Where possible and legally permitted, refer the request directly to the affected client.
5. Notify clients when their data is being sought in response to a legal process except where providing notice is explicitly prohibited by the legal process itself, by a court order, or by applicable law.