Vendia Privacy Notice
Last Modified: 13 January 2023
All references to “we / our / us” shall mean Vendia, Inc. and “you / your” shall mean the individual person or legal entity that is using our Offerings. Capitalized terms used in this Policy without definition have the meanings given such terms in the Vendia Services Agreement.
At Vendia, we are committed to protecting your privacy. This Policy describes your choices and rights with respect to your Personal Data, including your rights of access and correction of your Personal Data. For the purposes of this Policy, "Personal Data" means any information relating to an identified or identifiable individual.
1. Personal Information We Collect
We collect your personal information (for purposes of this Policy , “Personal Data”) in the course of providing Vendia Offerings to you. Here are the types of information we gather:
1.1 Information You Provide to Vendia
We collect information you provide in relation to Vendia Offerings. You provide information to us when you:
- Search for, subscribe to, or purchase Vendia Offerings;
- Create or administer your Vendia account. You may have more than one account if you have used more than one email address when using Vendia Offerings;
- Configure your settings for, provide data access permissions for, or otherwise interact with Vendia Offerings;
- Communicate with us by email, direct messaging (“chat”), testimonials, inquiries, support tickets, and any phone conversations, chat sessions, community forums;
- Complete a questionnaire, a support ticket, or other information request forms;
- Post on Vendia websites or participate in community features; and
- Employ notification services.
Depending on your use of Vendia Offerings, you might supply us with such information as:
- Your name, email address, physical address, phone number, and other similar contact information;
- Payment information, including credit card and bank account information. Vendia does not collect or store credit card or bank account information directly, though we will use PCI-DSS compliant third party service providers.
- Information about your location;
- Information about your organization and your contacts, such as colleagues or people within your organization;
- Usernames, aliases, roles, and other authentication and security credential information;
- Individual and/or corporate identity and financial information sufficient to establish business relationships, such as billing and invoicing;
- VAT or other tax identifiers.
1.2 Automatic Information
We automatically collect certain types of information when you interact with Vendia Offerings. We collect information automatically when you:
- Visit, interact with, or use Vendia Offerings, including when you use your computer or other device to interact with Vendia Offerings;
- Download content from us;
- Open emails or click on links in emails from us; and
- Interact or communicate with us (such as when you request customer support).
Examples of the information we automatically collect include:
- Network and connection information, such as the Internet protocol (IP) address used to connect your computer or other device to the Internet and information about your Internet service provider;
- Computer and device information, such as device, application, or browser type and version, browser plug-in type and version, operating system, or time zone setting;
- The location of your device or computer;
- Authentication and security credential information;
- Content interaction information, such as content downloads, streams, and playback details, including duration and number of simultaneous streams and downloads;
- Vendia Offerings metrics, such as offering usage, occurrences of technical errors, diagnostic reports, your settings preferences, API calls, and other logs;
- The full Uniform Resource Locators (URL) clickstream to, through, and from our website (including date and time) and Vendia Offerings, content you viewed or searched for, page response times, download errors, and page interaction information (such as scrolling, clicks, and mouse-overs);
- Email addresses and phone numbers used to contact us; and
- Identifiers and information contained in cookies.
1.3 Information from Other Sources
We might collect information about you from other sources, including service providers, partners, and publicly available sources. Examples of information we receive from other sources include:
- billing, payment, and subscription information from Stripe, Gusto, bill.com, credit reporting agencies, or other service providers;
- domain registration or ownership information, if you are attempting to use that information to register domain ownership in connection with a Vendia Offering;
- marketing, sales generation, and recruitment information, including your name, email address, physical address, phone number, and other similar contact information; and
- search results and links, including paid listings (such as sponsored links).
2. How We Use Personal Information
We use your personal information to operate, provide, and improve Vendia Offerings, as well as to provide customer support, such as resolving technical issues you encounter and analyzing product outages or bugs. Our purposes for using your personal information include:
2.1 Provide Vendia Offerings: We use your personal information to provide and deliver Vendia Offerings and process transactions related to Vendia Offerings, including registrations, subscriptions, purchases, and payments.
2.2 Measure, Support, and Improve Vendia Offerings: We use your personal information to measure use of, analyze performance of, fix errors in, provide support for, improve, and develop Vendia Offerings.
2.3 Recommendations and Personalization: We use your personal information to recommend Vendia Offerings that might be of interest to you, identify your preferences, and personalize your experience with Vendia Offerings.
2.4 Comply with Legal Obligations: In certain cases, we have a legal obligation to collect, use, or retain your personal information, or to disclose to duly authorized government agencies or representatives with appropriate jurisdiction.
2.5 Communicate with You: We use your personal information to communicate with you in relation to Vendia Offerings via different channels (e.g., by phone, email, chat) and to respond to your requests.
2.6 Marketing: We use your personal information to market and promote Vendia Offerings. We might display interest-based ads for Vendia Offerings.
2.7 Fraud and Abuse Prevention and Credit Risks: We use your personal information to prevent and detect fraud and abuse in order to protect the security of our customers, Vendia, and others. We may also use scoring methods to assess and manage credit risks.
2.8 Purposes for Which We Seek Your Consent: We may also ask for your consent to use your personal information for a specific purpose that we communicate to you.
3. How We Share Personal Information
Information about our customers is an important part of our business and we are not in the business of selling our customers’ personal information to others. We share personal information only as described below. All data stored in Vendia Offerings is your data and you maintain full control over this data.
3.1 Transactions Involving Third Parties: We make available to you services, software, and content provided by third parties for use on or through Vendia Offerings. Vendia will ensure it is clearly identified when a third party is involved in your transactions, and when we share information related to those transactions with that third party.
3.2 Third-Party Service Providers: We employ other companies and individuals to perform functions on our behalf. Examples include: sending communications, processing payments, analyzing data, and providing marketing and sales assistance. These third-party service providers have access to personal information needed to perform their functions but may not use it for other purposes. Further, they must process that information in accordance with this Privacy Notice and as permitted by applicable data protection law.
3.3 Business Transfers: As we continue to develop our business, we might sell or buy businesses or services. In such transactions, personal information generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Notice (unless, of course, the individual consents otherwise). In the event that Vendia or substantially all of its assets are acquired, your information be included in the purchased or transferred assets.
3.4 Protection of Us and Others: We release account and other personal information when we believe release is appropriate to comply with the law, enforce or apply our terms and other agreements, or protect the rights, property, or security of Vendia, our customers, or others. This includes exchanging information with other companies and organizations for fraud prevention and detection and credit risk reduction.
4. Location of Personal Information
Vendia is located in the United States. Depending on the scope of your interactions with Vendia Offerings, your personal information may be stored in or accessed from multiple countries, including the United States. This Privacy Notice will apply even if we transfer Personal Data to other countries.
Whenever we transfer personal information to other jurisdictions, we take appropriate safeguards to require that your Personal Data will remain protected wherever it is transferred and ensure that the information is transferred in accordance with this Privacy Notice and as permitted by applicable data protection laws.
All data stored in Vendia Offerings is your data and you maintain full control over this data, including the geographical location of this data. Vendia will not transfer this data except in circumstances where needed to provide you with technical support for Vendia Offerings.
5. How We Secure Information
At Vendia, information security is our highest priority and our systems are designed with your security and privacy in mind. We secure the Personal Data you provide in a controlled, secure environment, protected from unauthorized access, use or disclosure.
We use a variety of security technologies and procedures to help protect your Personal Data from unauthorized access, use or disclosure:
- We maintain compliance programs that validate our security controls, such as SOC2 and GDPR.
- We protect the security of your information during transmission to or from Vendia websites, applications, products, or services by using encryption protocols and software.
- Vendia does not store any credit card or bank account information.
- We maintain physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of personal information. Our security procedures mean that we may request proof of identity before we disclose personal information to you.
- All data is encrypted both at rest and in transit.
6. Retention of Personal Information
We keep your personal information to enable your continued use of Vendia Offerings, for as long as it is required in order to fulfill the relevant purposes described in this Privacy Notice, as may be required by law (including for tax and accounting purposes), or as otherwise communicated to you.
How long we retain specific personal information varies depending on the purpose for its use, and the relevant government regulations and laws having jurisdiction over such retainment. After a reasonable period of time, we will either delete or anonymize your information or, if this is not possible, then we will securely store your information and isolate it from any further use until deletion is possible.
7. Cookies & Similar Technologies
Vendia Offerings may include third-party advertising and links to other websites and applications. Third party advertising partners may collect information about you when you interact with their content, advertising, or services.
8 Access and Control of Personal Information
You have the right to view, update, and delete certain information about your account and your interactions with Vendia Offerings. If you cannot access or update your information yourself, you can always contact us for assistance. Examples of information you can access through Vendia Offerings include:
- Name, email address, physical address, phone number, and other similar contact information;
- Usernames, aliases, roles, and other authentication and security credential information;
- Subscription, purchase, usage, billing, and payment history;
- Payment settings, such as payment instrument information and billing preferences;
- Tax information; and
- Email communication and notification settings.
Customers can also access the information above through the Vendia Management console. Changes to some information, such as email addresses or internet domains, may affect production systems that have been configured to operate with the information previously provided, and may require assistance from Vendia to update.
You have choices regarding the collection and use of your personal information. Many Vendia Offerings include settings that provide you with preferences as to how your information is being used. You can choose not to provide certain information, but then you might not be able to take advantage of certain Vendia Offerings.
- Account Information: If you want to add, update, or delete information related to your account, please go to the Vendia Management Console. When you update or delete any information, we usually keep a copy of the prior version for our records.
- Communications: If you want to opt-out of in-app notifications, please adjust your notification settings in the Vendia Management Console.
- Browser and Devices: The Help feature on most browsers and devices will instruct you how to prevent your browser or device from accepting new cookies, how to trigger the browser to notify you when you receive a new cookie, or how to disable cookies altogether.
9. Children’s Personal Information
We do not provide Vendia Offerings for purchase or use by children and do not market to users under the age of 18. Vendia Offerings are only available for purchase and use by users 18 years of age or older.
10. Contacts, Notices, and Revisions
If you have any concern about privacy at Vendia, please contact us with a thorough description, and we will try to resolve the issue for you. You may also contact us at the address below:
2041 East St PMB 81 \ Concord, CA 94520
If you interact with Vendia Offerings on behalf of or through your organization, then your personal information may also be subject to your organization’s privacy practices, and you should direct privacy inquiries to your organization.
Our business changes constantly, and our Privacy Notice may also change. You should check our website frequently to see recent changes.
Unless stated otherwise, our current Privacy Notice applies to all personal information we have about you and your account. We stand behind the promises we make, however, and will never materially change our policies and practices to make them less protective of personal information collected in the past without informing affected customers and providing them with choice.
11. Additional Privacy Rights
Please see Appendix below for additional information on the Privacy Rights of Individuals based in California and the EAA, UK or Switzerland
Appendix 1: For individuals based in the European Union (EU), European Economic Area (EEA), UK and Switzerland.
If you are based in one of these jurisdictions, Vendia is the controller of your personal data collected in the following instances:
- When you visit our Website at www.vendia.com
- When we process your personal data for sales and marketing purposes
Vendia is a processor of all personal data processed on the Application, on behalf of our Clients. We only process the personal data under their direction. Please contact your employer or the organization that granted you access to the Application for further details on their privacy practices.
We only process personal data if we have a lawful basis for doing so. The lawful bases applicable to our processing as controller are:
- Consent - We will ask for your express and informed consent every time we collect your personal data on this legal basis.
- Contractual basis - We process the personal data as necessary to fulfill our contractual terms with you or our Clients.
- Legitimate interest - We process the names, contact details, job titles, companies of our existing and prospective clients for our marketing purposes, including market research and sales leads generation.
You have the following rights under the GDPR:
- Be informed about the collection and use of your personal data
- Access your personal data
- Correct errors in your personal data
- Erase your personal data
- Object to the processing of your personal data. This right is also available to individuals whose personal data is processed by us for direct marketing purposes. If you object to the processing of your personal data for direct marketing purposes, we shall stop processing within 30 days of receipt of your request.
- Export your personal data
- Restrict our processing of your personal data for specific reasons, including any of the purposes supported by the legitimate interest legal bases. (see the section above).
We use standard contractual clauses as the data transfer mechanism of transferring EU data to countries subject to data transfer requirements.
You may contact us at email@example.com or you may contact our EU Data Representative at: DPO@vendia.com
You may also lodge a complaint with your local supervisory authority, EU Data Protection Authorities (DPAs) or Swiss Federal Data Protection and Information Commissioner (FDPIC). See their contact details here National Data Protection Authorities.
Appendix 2: For individuals based in California
This section provides additional specific information for consumers based in California as required by the California Consumer Privacy Act of 2018 (“CCPA”).
A.2.1 Collection and Use of Personal Information
In the last 12 months, we have collected the following categories of personal information:
- Identifiers, such as your name, mailing address, email address, zip code, telephone number, or other similar identifiers.
- California Customer Records (Cal. Civ. Code § 1798.80(e)), such as username and password, company name, job title, business email address, and department.
- Internet/Network Information, such as your browsing history, log and analytics data, information about the device(s) used to access the Services and information regarding your interaction with our websites or Services and other usage data.
- Geolocation Data, such as information about your location (at country and city level) collected from your IP address.
- Sensory Information, the content, audio and video recordings of conference calls between you and us that we record where permitted by you and/or the law.
- Profession/Employment Information that you include in your CV, cover letter and send to us when applying for a position.
- Other Personal Information, such as personal information you provide to us in relation to a survey, comment, question, request, article download or inquiry and any other information you upload to our Application.
We collect personal information directly from you, from your browser or device when you visit our websites, from third parties that you permit to share your information or from third parties that share public information about you and as stated above.
See the section above, “How we use personal information,” to understand how we use the personal information collected from California consumers.
A.2.2 Recipients of Personal Information
We share personal information with third parties for business purposes. The categories of third parties to whom we disclose your personal information may include: (i) our service providers and advisors, (ii) marketing and strategic partners; (iii) ad networks and advertising partners; (iv) analytics providers; and (v) social networks.
Please see the "How We Share Information" section of the Policy above for more information.
A.2.3 California Privacy Rights
As a California resident, you may be able to exercise the following rights in relation to the personal information about you that we have collected (subject to certain limitations at law):
- The Right to Know any or all of the following information relating to your personal information we have collected and disclosed in the last 12 months, upon verification of your identity:
- The specific pieces of personal information we have collected about you;
- The categories of personal information we have collected about you;
- The categories of sources of the personal information;
- The categories of personal information that we have disclosed to third parties for a business purpose, and the categories of recipients to whom this information was disclosed;
- The categories of personal information we have sold and the categories of third parties to whom the information was sold; and
- The business or commercial purposes for collecting or selling the personal information.
- The Right to Request Deletion of personal information we have collected from you, subject to certain exceptions.
- The Right to Opt-Out of Personal Information sales to third parties now or in the future. However, we do not sell your personal information.
You also have the right to be free of discrimination for exercising these rights.
Please note that if the exercise of these rights limits our ability to process personal information (such as a deletion request), we may no longer be able to provide you with our products and services or engage with you in the same manner.
A.2.4 How to Exercise Your California Consumer Rights
To exercise your right to know and/or your right to deletion, please submit a request by contacting us at firstname.lastname@example.org.
We will need to verify your identity before processing your request. In order to verify your identity, we will generally require sufficient information from you so that we can match it to the information we maintain about you in our systems. Sometimes we may need additional personal information from you to be able to identify you. We will notify you.
We may decline a request to exercise the right to know and/or right to deletion, particularly where we are unable to verify your identity or locate your information in our systems or as permitted by law.
You may choose to designate an authorized agent to make a request under the CCPA on your behalf. No information will be disclosed until the authorized agent’s authority has been reviewed and verified. Once a request has been submitted by an authorized agent, we may require additional information (i.e. written authorization from you) to confirm the authorized agent's authority.
If you are an employee/former employee of a Vendia Client that uses our application and services, please direct your requests and/or questions directly to your employer/former employer.
If you are a third party (auditor, business associate etc.), who was given access to the Vendia application by a Vendia Client, please direct your requests and/or questions directly to the Vendia Client that gave you access.