reciprocity.com
Open in
urlscan Pro
2606:4700::6812:46f
Public Scan
Submitted URL: https://mktg.reciprocity.com/NjY1LVpBTC0wNjUAAAGQwmStjXNkcOkMcy8MAQ8r81qpMfOHSqET8XNruemnUnsycY0zBXsVqZld7JrNrxgAyhFuJ3c=
Effective URL: https://reciprocity.com/privacy/?mkt_tok=NjY1LVpBTC0wNjUAAAGQwmStjRlbziJEwLUWyxqzdyLQdN5proNycNeWonRaeLfd7inCwsPVGC75vgg...
Submission: On January 19 via api from US — Scanned from DE
Effective URL: https://reciprocity.com/privacy/?mkt_tok=NjY1LVpBTC0wNjUAAAGQwmStjRlbziJEwLUWyxqzdyLQdN5proNycNeWonRaeLfd7inCwsPVGC75vgg...
Submission: On January 19 via api from US — Scanned from DE
Form analysis 3 forms found in the DOM
GET /
<form role="search" action="/" method="get" id="searchform" class="custom-form__wrapper d-block d-lg-none">
<div class="custom-form custom-form--hide">
<input type="text" class="custom-form__input custom-form__input--mobile" placeholder="Search" value="" name="s" id="search-mobile">
<button class="custom-form__submit" disabled=""><i class="far fa-search"></i></button>
<ul id="entry_departments"></ul>
</div>
</form>GET /
<form role="search" action="/" method="get" id="searchform" class="custom-form__wrapper d-none d-xl-none">
<div class="custom-form">
<input type="text" class="custom-form__input" onfocus="this.placeholder = 'Search'" onblur="this.placeholder = ''" placeholder="" value="" name="s" id="s">
<button class="custom-form__submit" disabled=""><i class="far fa-search"></i></button>
<ul id="entry_departments"></ul>
</div>
</form>GET /
<form role="search" action="/" method="get" id="searchform" class="custom-form__wrapper d-none d-lg-block">
<div class="custom-form custom-form--hide">
<input type="text" class="header__outside-input" placeholder="Search" value="" name="s" id="s">
<button class="header__outside-button" disabled=""><i class="far fa-search"></i></button>
<ul id="entry_departments"></ul>
</div>
</form>Text Content
* Product
* ZenGRC
* ROAR
* Pricing
* Product Compare
* Solutions
* By Industry
* By Framework
* Technology
* Financial Services
* Hospitality
* Healthcare
* Government
* Education
* Retail
* Media
* Insurance
* Manufacturing
* Oil & Gas
* Popular
* ISO
* PCI
* SOC
* COSO
* SSAE 18
* Privacy
* CCPA
* GDPR
* Health Care
* HIPAA
* Government
* NIST
* FedRAMP
* CMMC
* Finance
* COBIT
* Success
* Customer Stories
* Resources
* Resource Center
* RiskOptics Community
* Newsroom
* Events
* Blog
* Content Registry
* Company
* About Us
* Contact Us
* Careers
* Leadership
* Trust Center
* Partner Program
Get a Demo
RISKOPTICS PRIVACY NOTICE
Last Updated: July 18, 2023
RiskOptics is committed to protecting your privacy. Our most important asset is
you and your trust, and we want you to have confidence in the way we use your
Personal Information.
On This Page
* Definitions
* RiskOptics and our Privacy Notice
* Categories of Personal Information Collected, the Purposes for such
Collection, and Legal Bases for Collection
* Personal Information Collected for Marketing and/or Informational Purposes
* Personal Information Collected for Employment Purposes
* Personal Information Collected when you Use our Services
* Personal Information Collected when You Use Our Site
* More on Legitimate Interest Processing
* Sharing of Personal Information
* Security
* Where We Store Your Personal Information
* Data Retention and Deletion
* Your Rights and Choices
* Special Circumstances of Processing of Personal Information
* Selling Personal Information
* How to Make a Request or Complaint
* Federal Trade Commission and EU Supervisory Authorities Enforcement
* Links to Other Websites
* Modifications to the Privacy Notice
* Contacting RiskOptics
DEFINITIONS
In this Privacy Notice, “us”, “we” and “our” refers to RiskOptics, Inc. and our
affiliates listed on this page (collectively “RiskOptics”).
“Communications information” means records of any correspondence and
communications including the content of your message, the date and time and our
response if you contact us or raise a question with us.
“Background check information” means a comprehensive collection of data that
encompasses an individual’s criminal information, previous employment details,
previous educational history, and a social security trace. It includes records
of arrests, convictions, pending charges, court proceedings, employment dates,
job titles, responsibilities, performance evaluations, references, reasons for
leaving previous positions, schools attended, degrees earned, areas of study,
academic achievements, certifications obtained, and a verification of the
individual’s social security number (SSN) with associated names, addresses, and
employment history.
“Contact information” means information that is typically used to contact you,
such as your first and last name, business and/or personal email address,
business and/or personal telephone number(s), and your employer’s physical
address.
“Information about your Services usage or Site visit” includes information that
lets us know how you navigate and use our Site and Services. This may include
mouse movements, clicks, and scrolls. This may also include Uniform Resource
Locators (URL), Clickstream to and through our Site (but not from our Site),
Page response times and download errors, Page interaction information (such as
scrolling, clicks, frequency and length of visits, types of content viewed or
engaged with).
“Marketing information” means your marketing communication preferences.
“Personal Information” means any information relating to an identified or
identifiable individual. Please read the following carefully to understand our
views and practices regarding your Personal Information and how we will treat
it.
“Process” means the collection, recording, organization, structuring, storage,
adaptation or alteration, retrieval, consultation, use, disclosure by
transmission, dissemination or otherwise making available, alignment or
combination, restriction, erasure or destruction of Personal Information.
“Professional Information” may include job title, title level, title function,
company name, and which subject matter you are interested in.
“Sensitive Personal Information” means information related to racial or ethnic
origin, political opinions, religious or philosophical beliefs, trade union
membership, genetic data, biometric data for the purpose of uniquely identifying
a natural person, data concerning health or data concerning a natural person’s
sex life, or sexual orientation. Included within this definition shall also be
any information that relates to a person’s account login, finances, including
financial accounts, debit or credit card in combination with any required
security or access code, password, or credentials allowing access to an account,
financial ownership, financial transactions, and/or financial credit. Lastly,
Sensitive Information shall also mean a person’s social security, driver’s
license, state identification card, or passport number, date of birth, precise
geolocation, the contents of a consumer’s mail, email, and text messages unless
RiskOptics is the intended recipient of the communication, genetic data,
biometric information for the purpose of uniquely identifying a consumer,
information concerning a person’s health, sex life, or sexual orientation.
Excluded from this definition is information that is publicly available.
“Screen and/or voice recordings” means in limited instances, after we have
provided notice and obtained your consent, we may record your voice and screen
(i.e., information displayed by your device) information during Zoom meetings
with us.
“Technical identifiers/information” means Internet protocol (IP) address,
Browser type and version, Device IDs, Google ID, Time zone setting, Operating
system and platform, Hardware version, Device language settings, account
identification number.
“Voluntary user submitted information” means any other Personal Information that
you voluntarily and freely choose to provide to us.
RISKOPTICS AND OUR PRIVACY NOTICE
RiskOptics is a computer software company that offers both risk management and
Governance, Risk, and Compliance (“GRC”) software (through the ZenGRC and the
ROAR product suite) (“Services”) as a service that helps our customers manage
business risks more effectively.
This Privacy Notice describes how we collect, use, disclose and otherwise
process Personal Information about you when:
* You visit our website at www.RiskOptics.com and/or www.reciprocity.com
(collectively the “Site”);
* Submit Personal Information directly to us for marketing, sales, and/or
informational purposes;
* You apply for an employment or independent contractor position with or on
behalf of RiskOptics; or
* Otherwise contact or inquire or otherwise engage with us through Site or our
products and services which we market (our “Services”).
Where RiskOptics hosts Customer Personal Information within the RiskOptics
Services, we do so in our capacity as a service provider and/or subprocessor on
the Customer’s behalf. Our Customer is the controller and/or business in respect
of Personal Information they supply to us when using RiskOptics’ Services.
By visiting and using our Site and/or Services, you acknowledge that you have
read, understood, and agree to this Privacy Notice.
CATEGORIES OF PERSONAL INFORMATION COLLECTED, THE PURPOSES FOR SUCH COLLECTION,
AND LEGAL BASES FOR COLLECTION
PERSONAL INFORMATION COLLECTED FOR MARKETING AND/OR INFORMATIONAL PURPOSES
You may provide us with the following categories of Personal Information about
you: (1) contact information; (2) professional information; (3) communications
information; (4) screen and/or voice recordings if personal information is
supplied to us through Zoom meeting(s); (5) marketing information; (6) whether
you have attended a promotion event such as a webinar or educational conference;
(7) information regarding materials you may have downloaded from our website or
third party website(s); and (8) information regarding whether you have responded
to paid advertising by RiskOptics. We may also collect any other personal
information that you choose to provide to us. These categories of personal
information that are collected for the purposes of marketing and selling our
products to you. This information is collected from you with your consent, and
it is also collected for our legitimate interests, which is to market and sell
our products and provide information to you. Where the information is not
provided by you, the information is obtained from various third parties that may
sell or otherwise share your personal information with us.
You may object to further marketing at any time by selecting the “unsubscribe”
link at the end of all our marketing and promotional update communications to
you or contact us directly. To opt-out of our marketing calls, please email us
at privacy@riskoptics.com.
PERSONAL INFORMATION COLLECTED FOR EMPLOYMENT PURPOSES
When you apply for employment with us, we collect the following categories of
personal information: (1) contact information; (2) professional information; (3)
communications information; (4) notes taken when you interview with us; (5)
background check information; and (6) screen, visual, and/or voice recordings of
any meetings, interviews, and/or discussions had with us.
This information is obtained from you with your consent for us considering you
for an employment position with us.
PERSONAL INFORMATION COLLECTED WHEN YOU USE OUR SERVICES
We process Personal Information you provide directly to us. When you are a
Customer of us, by using either ZenGRC or the ROAR product suite, we collect the
following categories of personal information: (1) contact information; (2)
professional information; (3) communications information; (4) technical
information; and screen, audio, and/or visual recordings when you have Zoom
meetings with us.
By default, we do not process Sensitive Personal Information; however, we may
collect and store media, documents or other information you voluntarily provide
to us. We do not recommend that you provide us with Sensitive Personal
Information when utilizing our Services.
These categories of personal information are collected for the following
purposes: (1) to identify and authenticate individuals who utilize our Services;
(2) to provide the Service in a safe and secure manner; (3) for customer
relations management, customer service, and customer communication; (4) to
provide business intelligence information to us; and (5) to provide workflow
automation to our customers.
These categories of personal information with the exception of technical
identifiers are provided by the customer. Technical information is collected
from the Customer’s device when utilizing the Services. The legal basis for
collecting this personal information is for the performance of the contract
between us and the Customer.
PERSONAL INFORMATION COLLECTED WHEN YOU USE OUR SITE
We may collect by automated means the following categories of personal
information about you or that relates to your use of our site: (1) technical
information and (2) information about your visit. This information is obtained
from your device when you visit our Site.
Additionally, we use cookies and similar technologies to collect and store
certain information. This includes saving cookies to your device. For
information on what cookies are, which ones we use, why we use them, and how you
can manage their use, please see our Cookie Policy.
This information is used to ensure our legitimate interests that (1) content
from our Site is presented in the most effective manner for you and for your
device to provide you with a better experience; (2) to communicate with you and
respond to your inquiries; (3) to process your job applications to us; (4) for
internal operations, including troubleshooting, data analysis, testing,
research, statistical analysis purposes; (5) to keep our Site safe and secure;
and/or (6) to measure and understand the effectiveness of our advertising and to
deliver relevant advertising to you. This information is also used to enter into
any contract or carry out our obligations arising from any contract entered into
between you and us including administering an account you have with us and
notifying you about changes or updates to our Service. Finally, this information
is used to provide you with information about our Services we believe may
interest you and which may be tailored to you, in our legitimate interests
(provided these interests do not override your right to object to such
communications) or if you have given your consent to receiving marketing
material from us at the point we collected your information, where such consent
is required by law or otherwise.
These categories of personal information were shared (1) to store it; (2) where
we are legally required to do so; and (3) to facilitate the operation of our
group of businesses, where it is in our legitimate interests and have concluded
these are not overridden by your rights.
MORE ON LEGITIMATE INTEREST PROCESSING
Data protection law allows us to use Personal Information for our genuine and
legitimate reasons if we respect your rights and freedoms. This lawful basis for
using your information is called ‘legitimate interests’. When we rely on our
legitimate interests as the legal basis for processing your Personal Information
for the purposes set out above, we will specify what our legitimate interests
are, and carefully consider and balance any possible effect this may have on you
and your rights. You have the right to object to this processing; however,
please bear in mind if you object this may affect our ability to carry out
certain activities.
SHARING OF PERSONAL INFORMATION
We may transfer your personal information outside of Europe (1) to store it; (2)
to enable us to provide our Service to you and fulfill any contract with you;
(3) where we are legally required to do so; and (4) to facilitate the operation
of our group of businesses, where it is in our legitimate interests and have
concluded these are not overridden by your rights.
Personal Information may be shared with the following categories or
organizations and/or individuals:
* Our subprocessors to provide the Services to our Customers. Information
regarding our subprocessors can be found at
https://www.reciprocity.com/subprocessors/;
* Companies within our group including RiskOptics Europe who may support us in
any of the purposes set out in this Privacy Notice;
* Our Affiliates
* Analytics, advertising partners, and Search engine providers
* Business partners, suppliers and subcontractors performing services on our
behalf
* Any company or prospective buyer of all or substantially all our assets in
connection with a sale or transfer or assets to any prospective buyer
* Any person to whom disclosure is necessary to enable us to enforce our rights
under this Privacy Notice or under the terms of use or to protect our rights
or the rights of third parties. This includes exchanging information with law
enforcement agencies or other similar government bodies.
* Another party where required to do so by court order or where we are under a
duty to disclose or share your information to comply with (and/or where we
believe we are under a duty to comply with) any legal obligation.
Collected personal information may be transferred to organizations and/or
individuals located in the United States, European Union, Mexico, Columbia,
Uruguay, and Argentina. If you are in the European Economic Area, information
will be transferred to these countries through approved Standard Contractual
Clauses mechanisms and in accordance with the security measures stated within
this Privacy Notice.
SECURITY
We are committed to ensuring that your Personal Information is adequately
protected. In order to prevent unauthorized access to or disclosure of your
Personal Information, we have implemented appropriate administrative, physical
and technical controls to safeguard our systems, applications and information,
as well as robust standard operating procedures in the event of a security
incident.
Our security safeguards can be viewed at https://www.reciprocity.com/dpa/.
We also maintain procedural safeguards to further restrict access to your
Personal Information to employees who need it to perform their tasks or people
working on our behalf and under confidentiality agreements.
WHERE WE STORE YOUR PERSONAL INFORMATION
The servers used to process your Personal Information are located in the
following regions:
* For Personal Information collected from the Customer of ZenGRC: United
States, European Union, and Australia
* For Personal Information collected from Customers of the ROAR product suite:
United States.
For Personal Information collected for all other purposes, such Personal
Information is stored in the United States.
DATA RETENTION AND DELETION
Personal Information is retained for only as long as it is needed; however, in
the following instances, the maximum retention time frame is:
* Information collected for employment purposes: 24 months
* Information collected when you use our services: 30 days after the contract
with the Customer is terminated
* Information collected related to user sessions when you use our Site: 14
months.
* For marketing, sales, or informational purposes: 18 months from the date of
last interaction from the individual to RiskOptics.
We take measures to delete your personal information or keep it in a form that
does not permit identifying you when this information is no longer necessary for
the purposes for which we process it, unless we are authorized or required by
law to keep this information for a longer period.
When determining the retention period, we take into account various criteria,
such as the type of products and services requested by or provided to you, the
nature and length of our relationship with you, possible re-enrollment with our
products or services, the impact on the services we provide to you if we delete
some information from or about you, mandatory retention periods provided by law
and the statute of limitations.
RiskOptics retains limited information that demonstrates it has met its
contractual obligations with customers. This could include any documentation
related to the terms of the contract, the scope of the services provided, and
any relevant communication between RiskOptics and its customers.
YOUR RIGHTS AND CHOICES
You have options and choices over how we use your personal information. You may
have the right under applicable laws to ask for details of the personal
information we hold about you, or to amend, limit or delete your personal
information. You may also have the right to object to further processing under
certain circumstances. We also respect the rights you may have under applicable
laws to receive that information in a commonly used electronic format (or ask
for this information to be provided in that format to a third party where
feasible).
Specifically, you have the right under certain circumstances to:
* To be provided with a copy of your personal information held by us;
* To know and access various aspects of your personal information, which
include the categories of information collected, the sources from which it is
obtained, the business purposes for collecting, selling, or sharing your
information, the categories of third parties with whom your information is
shared, and the specific pieces of personal information collected about you
by RiskOptics.
* To opt-out of the selling or sharing of your personal information.
* To request the correction or erasure of your personal information held by us;
* To request that we delete any personal information held by us about you;
* To request that we restrict the processing of your personal information
(while we verify or investigate your concerns with this information, for
example);
* To object to the further processing of your personal information, including
the right to object to marketing (as mentioned in our promotional updates and
marketing section);
* To request that your provided personal information be shared with to a third
party; and
* To withdraw consent. Where the processing of your personal information by us
is based on consent, you have the right to withdraw that consent without
detriment at any time by contacting us. You can also change your marketing
preferences at any time as described in our promotional updates and marketing
section and below.
* To not receive discriminatory treatment for the exercise of these rights.
Our Customers will typically act as data controllers for any Personal
Information related to them or Personal Information that third parties upload to
our Services. We will act as a data processor in accordance with the Service
and/or data processing agreements. Please note that if your request relates to
Personal Information processed and/or stored by us as a result of you utilizing
our Services, we will refer your request to the organization that contracts with
us for our Services. We will then act according to the instructions of that
organization since that organization is deemed to be the controller of that
personal information.
SPECIAL CIRCUMSTANCES OF PROCESSING OF PERSONAL INFORMATION
We do not knowingly store and/or process personal information for individuals 16
years of age or less nor do we process Sensitive Personal Information.
Additionally, we do not engage in profiling or processing of personal
information by automated decision making.
SELLING PERSONAL INFORMATION
According to the California Attorney General’s Office, a business is considered
a seller of Personal Information if it utilizes cookies that facilitate targeted
advertising. Because RiskOptics utilizes targeted advertising cookies on its
website, and on that basis alone, RiskOptics is considered a seller of Personal
Information. RiskOptics does not sell your Personal Information for a monetary
amount to third parties, and it does not sell any information obtained through
your use of ZenGRC or the ROAR product suite.
RiskOptics utilizes the software platform Cookiebot to manage its cookie
preferences. Cookiebot adheres to browser global privacy controls which can
automatically instruct our website to not allow targeted advertising cookies to
be placed on your device. This is performed in a frictionless manner. To learn
how to implement global privacy controls for your browser, you can visit this
resource.
To change your Cookiebot preferences, click on the paperclip icon at the bottom
left side of the browser:
You may also make a request to opt-out of the selling or sharing of your
Personal Information by emailing privacy@riskoptics.com or you can complete our
data privacy request form here.
HOW TO MAKE A REQUEST OR COMPLAINT
We commit to respond to requests and resolve complaints about our collection or
use of your personal information. You may contact us at privacy@riskoptics.com
if you have a question about our privacy practices, this Privacy Policy, or if
you wish to make a request regarding your Personal Information. You may also
submit your request by completing this form here.
Please note that when a request is made that relates to your privacy rights,
RiskOptics will contact you separately to attempt to verify your identity. If we
cannot verify your identity within a reasonable amount of time, we will be
unable to process your privacy request.
You may also make a request through an authorized agent. Before processing your
request, we will separately contact you to verify the legitimacy of the request
by examining documentation demonstrating agency between the person making the
request and the subject of which the personal information relates. If we cannot
verify the agency relationship, we will be unable to process the request.
If you are located within the European Economic Area and are unhappy with a
response you receive from us, you can also refer the matter to your data
protection supervisory authority which can be found here.
FEDERAL TRADE COMMISSION AND EU SUPERVISORY AUTHORITIES ENFORCEMENT
We are subject to the investigation and enforcement actions of the Federal Trade
Commission. We may be required to share your personal information with such
enforcement authorities, including the disclosure of UK, Switzerland, and
European Union residents’ personal information to public authorities and law
enforcement agencies in response to lawful requests, including requests to meet
national security and law enforcement requirements.
LINKS TO OTHER WEBSITES
This Privacy Notice covers the privacy practices of RiskOptics and it does not
cover the privacy practices of third parties on their websites and other
features. We are not responsible for the privacy notices and/or practices of
third parties.
Our Site may provide links that can take you to other websites, which may
include partner websites. You should review the privacy and other policies that
govern the websites you visit, since those websites are not bound by our Privacy
Notice, and we have no control over the content of those Websites, nor the usage
of information they gather.
MODIFICATIONS TO THE PRIVACY NOTICE
Any changes we make to our privacy notice will be posted on this page
https://reciprocity.com/privacy and, in relation to substantive changes,
Customers of our Services will be notified by email.
CONTACTING RISKOPTICS
If you would like to contact us with questions or concerns about this Privacy
Policy, our privacy practices, or would like to exercise your privacy rights,
you may contact us via any of the following methods:
E-mail: privacy@RiskOptics.com
Privacy Request Form: The Privacy Request Form is located here.
YOU MAY ALSO WRITE TO US AT:
* Attn: Privacy Officer
* RiskOptics, Inc.
* 548 Market St, #73905
* San Francisco, CA 94104
OUR EU REPRESENTATION:
* Attn: Privacy Officer
* Reciprocity d.o.o.
* Celovška cesta 130
* 1000 Ljubljana
* Slovenia
Product
* ZenGRC
* ROAR
* Pricing
* Product Compare
Solutions
* Industries
* Frameworks
Success
* Customer Stories
Resources
* Resource Center
* RiskOptics Community
* Newsroom
* Events
* Blog
* Content Registry
Company
* About Us
* Contact Us
* Careers
* Leadership
* Trust Center
* Partners
Contact Us
Contact Us
© 2024 All rights reserved
Privacy Policy