Emtech Group, Inc (“Emtech Group”, “we”, “us” and terms with similar meaning) is committed to respecting and protecting your right to privacy, and we take your privacy seriously. We have a strictly enforced privacy policy and will keep your personal information secure. To communicate this, we have created this Privacy Policy to disclose and describe our information gathering and dissemination practices for our online communications.

This Privacy Policy applies to personal information we collect through our website at emtechgroup.com (the “Website”), the license to our software (the “Software”), and/or via email, text, and other electronic communications sent through the Website, the Software or in relation to the associated services (collectively, referred to as the “Services”).

This policy DOES NOT apply to information that (a) we collect offline or on any other Emtech apps or websites, including websites you may access through our Services; and (b) you provide to or is collected by any third party. Such third parties may have their own privacy policies, which we encourage you to read before providing information on or through them.

Please read this Privacy Policy carefully to understand our policies and practices for collecting, processing, and storing your information. If you do not agree with our policies and practices, do not download, register with, or use the Services. By downloading, installing and/or registering with, or using the Services, you indicate that you understand, accept, and consent to the practices described in this Privacy Policy.

Collection of Your Personal Information

Most pages on the Website can be viewed without providing any information about yourself. However, for some content on the Website, to register and to use the Software and receive some associated services, we will request information that makes you personally identifiable.

• Your personal information is collected for internal use by Emtech Group for Website traffic analysis, to improve the Software, response to requests and occasional marketing communications.

• All personal information submitted to Emtech Group is done so voluntarily and with your consent.

• We pledge to hold all information you provide to us in absolute privacy.

• We will never sell or rent your name or personal information to any third party without your express permission.

• Only authorized employees may access your information.

Subscription Status

We will occasionally send out information on our solutions, announcements and special offers. If you no longer wish to receive such communications, you may opt-out of receiving them by emailing us at [email protected].

Changes to This Privacy Policy

If we decide to change our Privacy Policy, we will post those changes to the homepage of the Website, the Software, and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. Emtech Group reserves the right to modify this Privacy Policy at any time, so please review it frequently.

If you have questions or concerns regarding our Privacy Policy, or if you want to request the individual information Emtech Group has collected about you, contact us at [email protected].

International transfers of your personal data

Emtech Group is committed to ensuring continuity of adequate protection and lawful Processing of personal data regardless of the jurisdiction. Where it has a legal basis to do so, Emtech Group may transfer your personal data outside of your country to a subsidiary, a third-party service provider, or business partner to operate our business and to fulfill the purposes described in this Policy. By virtue of this Policy, you are aware that when using our websites or providing any personal data to us, where applicable law permits and unless otherwise specified in a separate specific notice, the Processing of such information may take place outside the country of collection where data protection standards may be different. We will always seek to localize personal data when possible. Several lawful bases exist for Emtech Group to ensure adequacy of data protection when engaging in cross border transfers. Emtech Group Inc. will also execute a Data Processing Addendum to facilitate the lawful transfer and adequate protection of personal data across jurisdictions as required by applicable data protection laws.

Transfers to Canada from EU

Emtech Group Inc.  is a Canadian company headquartered in Toronto, Ontario. For lawful transfers of personal data to Canada from the European Economic Area (“EEA”), United Kingdom (“UK”), Emtech Group relies on the EU’s / UK recognition of the adequacy of Canada’s Privacy law, the Personal Information and Electronic Documents Act (“PIPEDA”), as a lawful mechanism for the transfer of personal data to recipients subject to PIPEDA, which governs how Emtech Group Inc. can collect, use, and disclose personal data. Since 2001, PIPEDA has given Canada the benefit of an adequacy decision by the EU Commission and transfers on the basis of an adequacy determination are authorized pursuant to Article 45 of the GDPR”. This decision is an acknowledgement by the EU Commission and UK that PIPEDA affords an adequate level of personal data protection to customers that entrust personal data to Emtech Group Inc..

For our European visitors

Emtech Group may be considered the data controller or processor for any personal data collected via the Website or the Software respectively. We are committed to respecting and protecting your right to privacy, and we take your privacy seriously. We have created this Privacy Policy to disclose and describe how we process personal data.

The Website contains links to other websites. This Privacy Policy applies to Emtech Group Services only. Please review the Privacy Policy before submitting your personal data.

Collection of Your Personal Data

We collect personal data when you use the Services, including using our Website, the Software, or corresponding with us. This includes:

• Contact details – first and last name, e-mail address, company name, phone number, mailing address, country, states;

• Requests, feedback, sign-up information – all information, including the name of the company or organization you work for, the country you are located in, the time and date you would like to attend our event or training, which you provide to us when contacting us via our Website’s contact form, or when you register to the Software, when you contact us via e-mail, telephone or other means;

• Application data – all information you provide to us when applying for a position with Emtech Group; and

• Technical information – IP address, referring URL, the pages that you visited on the Website, the type and version of browser, operating system, demographics, the date and duration of the visit, any other information captured by Google Analytics, and your use of the Software.

How Do We Use Your Personal Data?

We use your personal data for the following purposes:

• To create a contract with you, or take steps linked to a contract with you. This is relevant when you register for training or apply for a position with Emtech Group and includes:

• providing the Services requested by you, including giving you access to the Website and Software;

• processing payments;

• communicating with you; and

• assessing your suitability for a position you may have applied to.

If the personal data we request is not provided, we may not be able to provide you with the Services, enter or comply with a contract or discharge our local legal obligations set hereafter.

In our legitimate interests regarding the conduct of our business, in particular:

• ensuring customer satisfaction – we provide technical support and investigate and process any complaints about the Services, to maintain appropriate records for internal administrative purposes, and store information about your preferences;

• to protect our IT systems – monitor, test and control the performance and security of our systems, the Software, networks, processes and premises to prevent and detect interference and protect our business;

• developing and marketing services – to understand you and your company better as a customer by analyzing personal data you provide to us or which we learn through your interactions with us; and for monitoring the use of our Website and Software to improve their performance and optimize our media or other spend;

• legal and regulatory purposes – in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of personal data in connection with claims, legal process or litigation);

• to notify you when Software updates are available, and of changes to any products or services we offer or provide though it; and

• for any other purpose with your consent.

Where you give us consent:

• we will send you emails, texts and push notifications (including newsletters) in relation to services provided by us, or by our named affiliates and carefully selected partners;

• we also share some of your personal data with marketing service and ad technology providers and digital marketing networks, such as Google to present advertisements that might be of interest to you.

• when you visit the Website, we place cookies and use similar technologies on your computer, mobile or other device and we use such technologies including pixel tags and web beacons in marketing emails and communications (see below for details on any cookies we use); and

• on other occasions where we ask you for consent, we will use the personal data for the purpose which we explain at that time.

You have the right to withdraw consent at any time.

• For purposes which are required by law:

• in response to requests by government, law enforcement authorities or court orders.

How Long Do We Retain Your Personal Data?

We delete personal data which we process based on your consent, for example in connection your subscription to newsletters, once you withdraw your consent.

We will not retain or use your personal data longer than necessary for the purposes outlined in this Privacy Policy. As an exception, we will not delete your personal data where we still have a legitimate interest to use your personal data. For example, we may still retain your personal data to resolve disputes or comply with legal requirements, and to satisfy any accounting, or reporting requirements.

With whom do we share your personal data?

We disclose or transfer personal data to other parties as follows:

• with other legal entities or affiliates of the Emtech Group, if this is necessary for the purposes set out in this Privacy Policy, for example if your request concerns another company of the Emtech Group, or to the extent this is necessary for internal administrative purposes;

• to third party service providers that perform processing operations on our behalf in relation to the Services and the purposes set out in this Privacy Policy (for example, website hosting and technical support, Software support, marketing email service providers, online chat, data analysts, website and software developers);

• if we are under a duty to disclose or share your personal data in order to comply with a legal obligation, or in order to enforce, defend or protect our rights and intellectual properties;

• to government authorities, and to other third parties when compelled to do so by government and law enforcement authorities, or otherwise as required or permitted by law, including but not limited to responses to court orders;

• according to applicable law, to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Emtech Group’s assets, whether as a going concern or as part of winding down its business, in which personal information held by Emtech Group about our clients and users is among the assets transferred; and

• if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Emtech Group, our clients, users, or others.

We process or transfer your personal data processed under this Privacy Policy outside the European Economic Area (EEA), for example where we transfer personal data to other companies of the Emtech Group in the United States of America or Canada. We have implemented standard contractual clauses governing the transfer of your personal data outside the EEA. Please contact us at [email protected] if you would like to obtain a copy of the standard contractual clauses.

Cookies

We use third party cookies to make the Website (accessed through a desktop or mobile device) work better. Cookies are small text files saved on your computer, smartphone or any other IT device when you visit the Website. Cookies allow for recognition of your IP address and for collection of information about the pages you visit, and which features you use. You can disable cookies by changing your browser settings. However, please note that if you do this, you may not be able to use the full functionality of the Website.

We use Google Analytics, a web analytics service provided by Google. The information generated by the cookie about your use of the Website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information on our behalf for the purpose of evaluating your use of the Website, compiling reports on the Website’s activity for us and providing other services relating to website activity and internet usage to the website provider. Google will not associate your IP address with any other data held by Google.

Please note that we have extended the program code of Google Analytics to include the function “gat._anonymizeip(), so that Google will truncate/anonymize the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA.

You can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under the following link (https://tools.google.com/dlpage/gaoptout?hl=de).

Further information on Google Analytics can be found under

https://marketingplatform.google.com/about/analytics/terms/gb/

and

https://marketingplatform.google.com/about/analytics/terms/de/

Your rights

Wherever we rely on your consent, you will always be able to withdraw that consent. You have an absolute right to opt-out of direct marketing, and any profiling we carry out for direct marketing, at any time. You can do this by clicking on the “unsubscribe” link located in the footer of every marketing email or text.

In addition, you have the following rights:

• You have the right to know whether or not we process your personal data and to access that personal data.

• You have the right to update, correct and complete any personal data we hold about you which is inaccurate or incomplete.

• You have the right to obtain the personal data you provide to us for a contract or with your consent in a commonly used, structured, and machine-readable format, and to ask us to share (port) this personal data to another controller.

• You have the right to ask that we erase or restrict (stop active) processing of your personal data.

• In addition, you can object to the processing where the lawful basis is our legitimate interests, unless we can demonstrate compelling legitimate grounds for the processing.

These rights may be limited, for example if fulfilling your request would reveal personal data about another person or you ask us to erase personal data which we are required by law to keep. Additionally, your right to receive access to your personal information is subject to exceptions set out in applicable privacy legislation, including without limitation (i) information protected by solicitor-client privilege; (ii) information that is part of a formal dispute resolution process; (iii) information that is about another individual that would reveal their personal information or confidential commercial information; and (iv) information that is prohibitively expensive to provide. Where you object to us processing personal data we may have a compelling justification for processing it. We will inform you of relevant exemptions we rely upon when responding to any request you make.

To exercise any of these rights, you can get in touch with us at [email protected]. We hope that we can satisfy queries you may have about the way we process your personal data. However, if you have unresolved concerns, you also have the right to complain to any data protection authority.

Data Security

The security of your personal information is very important to us. We use physical, electronic, and administrative measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.

The safety and security of your information also depends on you. Where we have given you or you have chosen a password for access to the Software, you are responsible for keeping it confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet and mobile platforms is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted through the Services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures of the Services.

Additional disclosures for California residents

This “Additional disclosures for California residents” section is intended to describe our practices and your rights under the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”) (Civil Code Section 1798.100, et seq.) (collectively “California Law”). This section provides rights and other terms relating to your personal data that are in addition to those provided in this Policy (see above). These additional rights and other terms are only available to California residents about whom we collect personal data. This section takes precedence over the Policy with respect to your personal data for California residents if there is a conflict between the two. Any terms not defined in this section have the same meaning as defined in California Law. Additionally, any reference to personal data in this section has the same meaning as personal information as defined by California Law.

We do not sell, rent or lease your personal data we collect from you. We may share your personal data with third parties or allow them to collect personal data from our sites or services if those third parties are authorized service providers or business partners who have agreed to our contractual limitations as to their retention, use, and disclosure of such personal data, or if you use Emtech Group sites or services to interact with third parties or direct us to disclose your personal data to third parties.

Emtech Group software is not directed to individuals aged 16 and under or those not of the age of majority in your jurisdiction, and we request that these individuals, or others on their behalf, not provide us with their data. We do not knowingly sell or share the personal data of consumers under 16 years of age.

What Personal Data We Collect

Over the past 12 months, we may have collected the following personal data from California residents:

  • Identifiers or other elements of personal data under California Civil Code Section 1798.80
  • Commercial information about products or services
  • Internet activity when you interact with Emtech Group’s website.
  • Approximate geolocation data such as IP address as described in the Cookie Notice.
  • Inferences drawn from any of the information identified above.

How We Disclose, Share or Sell Your Personal Data

Disclosures. We may disclose your personal data with third parties for business or commercial purposes. In the past 12 months, we have disclosed your personal data with the following categories of third parties for a business or commercial purpose:

  • Internally. We may disclose your personal data to our affiliates, business partners, employees, and other parties who require such data to assist us with establishing, maintaining, and managing our business relationship with you.
  • With Our Service Providers or Contractors. We may disclose your personal data to our service providers or contractors (including third-party hosting providers) that provide services on our behalf, such as for email marketing, data analytics, promotions, newsletters, notices, and other communications, or that assist us in monitoring, improving, and hosting the Services.
  • Advertisers and Advertising Networks. Our website may include social media plug-ins (such as the Facebook like button), widgets (such as the “Share” button), or other tools made available by third parties, such as social media companies, that may result in data being collected or shared between us and the third parties for various purposes, including to select and serve personalized advertisements to you and others. These third parties may set and access their own cookies, web beacons, and embedded scripts on your device, and they may otherwise collect or have access to data about you, including unique personal identifiers such as an IP address, and they may share that data with us. Your interactions with these third parties are governed by the third parties’ privacy policies.
  • In the Event of a Business Transaction. If we are exploring or go through a business transition or financial transaction, such as a merger, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy, securities offering, or sale of all or a portion of our assets, we may disclose your personal data to a party or parties in connection with exploring or concluding such transaction.
  • For Legal Purposes. We will disclose your personal data when we think it is necessary to investigate or prevent actual or expected fraud, criminal activity, injury or damage to us or others; when otherwise required by law, regulation, subpoena, court order, warrant or similar legal process; or if necessary to assert or protect our rights or assets.
  • With Your Consent or Authorization. To anyone for whom you have authorized disclosure of data in this Policy.
  • Other. We may disclose your personal data for any other purpose disclosed by us when you provide the data.

Sales and Sharing. We do not sell or share the personal data we collect from you for direct, monetary profit or otherwise as defined under the CCPA. The above data is collected and used for the purposes disclosed in this Policy. In the 12 months immediately preceding the posting of this updated Privacy Policy, we have not sold or shared personal data of California residents.

Data Retention

We may retain all categories of your personal data (see above) for a period of time consistent with the original purpose of collection (see above) or as long as required to fulfill our legal obligations. We determine the appropriate retention period for personal data on the basis of the amount, nature, and sensitivity of the personal data being processed, the potential risk of harm from unauthorized use or disclosure of the personal data, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).

After expiry of the applicable retention periods, your personal data will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of such data.

Your Rights and Choices under California Law

Below please find a description of key rights California residents have under California Law and an explanation of how to exercise those rights with us.

  • Right to Know. If you are a California resident, you have the right to request that we disclose certain information to you about our collection and use of your personal data.
  • Right to Delete. You have the right to request that we delete some or all of the personal data we have pertaining to you. Once we receive and confirm your verifiable consumer request, we will then delete (and direct our service providers to delete, if applicable) your personal data from our records, unless a lawful basis exists to retain it. We may deny your deletion request if we are unable to verify your identity or if we are not required to delete your personal data under the CCPA.
  • Right to Correct Inaccurate Personal Data. You have the right to request that we correct any of the personal data that we maintain about you.
  • Right to Opt Out of the Sale or Sharing of Personal Data. If Emtech Group Inc. sells or shares personal data about you with third parties, you may have the right to opt out and request that Emtech Group Inc.  not sell or share your personal data.
  • Right to Non-Discrimination. Emtech Group Inc. values the security and privacy of its customers and will not discriminate against you for exercising any of your California Law rights. If you exercise certain rights, understand that you may be unable to use or access certain features of the Services. Unless permitted by applicable law, we will not: (i) deny you goods or services; (ii) charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; (iii) provide you a different level or quality of goods or services; or (iv) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services. However, we will deny your request if (i) we cannot verify your identity or (ii) the disclosure creates a substantial, articulable, and unreasonable risk to the security of your personal data, or your account with us.

Exercising Your California Law Rights

You do not need to create an account with us to exercise your California Law privacy rights. To exercise the rights described above, please submit a consumer request to us by emailing: [email protected].

To exercise your right to know, delete, or correct your personal data as described above, we need to verify your identity or authority to make the request and confirm the personal data relates to you. We will not provide you with personal data if we cannot verify your identity or authority to make the request and confirm the personal data relates to you. Making a verifiable consumer request does not require you to create an account with us. We use personal data provided in a verifiable consumer request solely to verify the requestor’s identity or authority to make the request.

These requests may be made only by you, your parents, guardian (if you are under 18 years or age), conservator, a person to whom you have given power of attorney pursuant to California Probate Code sections 4000 to 4465, or an authorized agent. As permitted under California Law, we may request that an individual submitting a request on behalf of a consumer submit proof that they are an authorized agent of the subject consumer, as well as verify the consumer’s identity. To protect your personal data, we reserve the right to deny a request from an agent that does not submit adequate proof that you authorized them to act for you.

We are only required to respond to a verifiable consumer Right to Know request twice within a 12-month period. The verifiable consumer request must provide sufficient information to allow us to verify you (or an authorized agent) are the person about whom we collected personal data.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Once we have verified a request from a California resident, we will confirm receipt of the request within 10 days and explain how we will process the request. We will then respond to the request within 45 days. We may require an additional 45 days (for a total of 90 days) to process your request, but in those situations, we will provide you with a response and explanation for the reason it will take more than 45 days to respond to the request. Our responses will include required information under California Law.

Additional disclosures regarding Colorado, Connecticut, Utah, and Virginia

For users residing in Colorado, Connecticut, Utah and Virginia, you also have rights with respect to the personal data that we collect about you. In addition to the rights that are available to residents of California, if you are a resident of one of these states, you may also have the right to:

Opt out of the Processing of your personal data for the purposes of targeted advertising and for profiling in furtherance of decisions, including, for residents of Connecticut, solely automated decisions, that produce legal or similarly significant effects; and

Appeal any decision or indecision related to the exercise of any right the consumer is granted under the applicable state law.

If you would like to exercise any of your rights under applicable law (including the right to appeal), please email [email protected].

Additional disclosures regarding Nevada

Nevada law gives residents of Nevada the right to request that a company not sell their personal data for monetary consideration to certain other parties.  This right applies even if your personal data is not currently being sold.  If you are a resident of Nevada and wish to exercise this right, please email [email protected].

Additional disclosures regarding EEA/UK personal data

For data subjects who are in the EEA/UK, and to the extent allowed under the GDPR, you have the right to request details of the personal data we have about you, update inaccurate information about you, request that your personal data be deleted, restrict Processing of your personal data, data portability, and object to the collection or use of personal data that we Process based on our legitimate interests as a company or for direct marketing purposes. In some cases, you may be directed to make your request to the organization who licensed our software or services. If you wish to exercise these rights, please submit a request to [email protected].

If you live in the EEA/UK and are dissatisfied with our use of your personal data or our response to a request, you have the right to lodge a complaint with your local supervisory authority. You may find contact details on edpb.europa.eu.

Contact

If you have questions or concerns regarding our Privacy Policy, or if you want to assert your data subject rights described above, contact us at [email protected] to the attention of the Data Protection Officer.

(Internal: 1.24)