Data Privacy & GDPR We take your privacy very seriously and have adopted the Privacy by Design principles that underpin GDPR. We’ve done this, not just to comply with GDPR, but because it is good business practice. What’s great about GDPR is that it has given clear guidelines on what is required. Want to know more about GDPR and the benefits? Read this blog post. Manage your Data Privacy The type of personal information we collect We currently collect and process your data in the following circumstances: You have registered to use Elements.cloud You have attended a webinar or event hosted or sponsored by Elements.cloud You have filled out a form on our website to contact us, sign up for emails or download content We have identified that your business could benefit from a Change Intelligence Platform and that you may be the correct person at your business to speak to about it We have identified your business as a potential partner of Elements.cloud We collect and process the following information: Personal identifiers relating to your role at your business Contact details such as email address and telephone number Cookies for analytics and site experience Data about your business IP Address We use the information that you have given us for sales, marketing, performance of contract and other business activities. Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for processing this information is either: Your consent. You are able to remove your consent at any time. You can do this by completing the form below We have a contractual obligation. We have a legitimate interest. We may share this information with select partners in the case of shared sales and marketing activities e.g. A co-sponsored event or content piece. We will never sell your data. We take appropriate technical measures and follow well-defined employee practices to ensure that Personal Data is processed promptly and accurately, and is retained only for as long as necessary. Where Personal Data is transferred across international borders, such transfers will only be carried out in accordance with applicable data protection legislation and with appropriate safeguards to protect the rights of Data Subjects. How we store your personal information Your information is securely stored or processed in the following tools: Salesforce Hubspot Gainsight Docebo AWS Smartsheets Docusign G2 Gong Slack Celonis Make Amplemarket Open AI G Suite Gemini Elements.cloud Intercom Xero Validity Linkedin Clearbit Playable Drata PDF.co Consensus Under GDPR you are able to make different requests which must get a response within 30 days. Subject Matter Access (Articles 15 & 19): to tell you where we hold your data Right to Rectification (Articles 16 & 19): you need us to correct inaccurate personal data Erasure “right to be forgotten” (Articles 17 & 19): you want us to delete all the personal data we hold, provided we are not prevented by law Right of Restriction of Processing (Articles 18 & 19): this is to stop us using your personal data if we are prevented from deleting it Right to Receive Personal Data (Articles 19 & 20): you want to receive your data in a “structured, commonly used and machine-readable format” to pass to another company Right to Object (Articles 19 & 21): you object to us using your personal data for direct marketing, so essentially this is “unsubscribe” U.S. Privacy & State Privacy Laws Scope & Jurisdiction This section applies to residents of the United States. Where the provisions of U.S. state privacy laws differ from (or impose stricter obligations than) the terms above (in the GDPR section), this section prevails for U.S. persons. Rights by State LawDepending on your state of residence, you may have some or all of the following rights: Access / Know –You may request disclosure of the categories and specific pieces of personal information we have collected, the purposes for collection, and the disclosures or sales of that information.Deletion –You may request deletion of your personal information, subject to certain exceptions (e.g. to complete a transaction, detect security incidents, comply with legal obligations).Correction –You may request correction of inaccurate personal information.Portability –You may request a copy of certain personal information in a portable, usable format.Opt-Out / Limit Use –You may opt out of the “sale” or “sharing” of your personal information, and in some states (Virginia, Colorado, etc.) opt out of certain types of targeted advertising or profiling.Non-Discrimination –We will not discriminate against you for exercising a privacy right (e.g. by denying service, charging different fees, or reducing quality). “Do Not Sell or Share My Personal Information” We do not sell or share your personal information for monetary consideration. If that changes, we will provide a clear and conspicuous link (or toggle) titled “Do Not Sell or Share My Personal Information” to allow you to opt out. Verification & Limitations We will verify your identity before fulfilling certain requests. Some requests may be partially denied under legally permitted exceptions (e.g. retention for fraud prevention, compliance obligations, etc.). If so, we will notify you of the reason. Cross-border Transfers & SafeguardsWe may transfer and process your personal information within and outside the U.S. We maintain appropriate safeguards and controls to protect your personal data consistent with applicable laws. Request Form Fill out this form to make a GDPR request, or if you prefer, you can email privacy@elements.cloud.
