Privacy Policy

Updated January 30, 2019

This Privacy Policy describes how Veriti collects, uses and discloses information, and what choices you have with respect to the information.

Updates in this version of the Privacy Policy reflect changes in data protection law.

When we refer to “Veriti”, we mean the Veriti organization that acts as the controller or processor of your information, as explained in more detail in the “Identifying the Data Controller and Processor” section below.

Table of Contents:
•Applicability of this Privacy Policy
•Information We Collect and Receive
•How We Use Information
•Data Retention
•How We Share and Disclose Information
•Security
•Age Limitations
•Changes to this Privacy Policy
•International Data Transfers: Privacy Shield and Contractual Terms
•Data Protection Officer
•Identifying the Data Controller and Processor
•Your Rights
•Data Protection Authority
•Contacting Veriti

Applicability Of This Privacy Policy
This Privacy Policy applies to Veriti’s mobile and desktop applications (collectively, the “Services”), Veriti.org and other Veriti websites (collectively, the “Websites”) and other interactions (e.g., customer service inquiries, user conferences, etc.) you may have with Veriti. If you do not agree with the terms, do not access or use the Services, Websites or any other aspect of Veriti’s business.

This Privacy Policy does not apply to any third party applications or software that integrate with the Services through the Veriti platform (“Third Party Services”), or any other third party products, services or businesses. In addition, a separate agreement governs delivery, access and use of the Services (the “Customer Agreement”), including the processing of any messages, files or other content submitted through Services accounts (collectively, “Customer Data”). The organization (e.g., your employer or another entity or person) that entered into the Customer Agreement (“Customer”) controls their instance of the Services and any associated Customer Data. If you have any questions about specific mobile app or website settings and privacy practices, please contact the Customer whose Services you use. If you have received an invitation to join the Service but have not yet created an account, you should request assistance from the Customer that sent the invitation.

Information We Collect And Receive
Veriti may collect and receive Customer Data and other information and data (“Other Information”) in a variety of ways:
•Customer Data. Customers or individuals granted access to a Workspace by a Customer (“Authorized Users”) routinely submit Customer Data to Veriti when using the Services.

•Other Information. Veriti also collects, generates and/or receives Other Information:
1. Account Information. To create and use an account on one of Veriti’s apps, you supply Veriti with an email and password.
2. Usage Information.

•Services Metadata. When an Authorized User interacts with the Services, metadata is generated that provides additional context about the way Authorized Users work. For example, Veriti logs the Workspaces, channels, people, features, content, and links you interact with, the types of files shared and what Third Party Services are used (if any).

•Log data. As with most websites and technology services delivered over the Internet, our servers automatically collect information when users access or use our Websites or Services and record it in log files. This log data includes the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data.

3. Cookie Information. Veriti uses cookies and similar technologies on our Websites and Services. Cookies can be used to recognize you when you visit a Site or use our Services, remember your preferences, and give you a personalized experience that’s consistent with your settings. Cookies also make your interactions faster and more secure. For more details about how we use these technologies, please see our Cookie Policy.

How We Use Information
Customer Data will be used by Veriti in accordance with Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and as required by applicable law. Veriti is a processor of Customer Data and Customer is the controller. Customer may, for example, use the Services to grant and remove access to a Workspace, assign roles and configure settings, access, modify, export, share and remove Customer Data and otherwise apply its policies to the Services.
Veriti uses Other Information in furtherance of our legitimate interests in operating our Services, Websites, and business. More specifically, Veriti uses Other Information:
•To provide, update, maintain and protect our Services, Websites, and business. This includes the use of Other Information to support delivery of the Services under a Customer Agreement, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities or at an Authorized User’s request:
•As required by applicable law, legal process or regulation.
•To communicate with you by responding to your requests, comments, and questions. If you contact us, we may use your Other Information to respond.
•To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. These communications are considered part of the Services and you may not opt out of them.
•For billing, account management, and other administrative matters, Veriti uses account data to administer accounts and keep track of billing and payments.
•To investigate and help prevent security issues and abuse.

If Information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, Veriti may use it for any business purpose. To the extent Information is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law, it is referred to in this Privacy Policy as “Personal Data.”

Data Retention
Veriti will retain Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and as required by applicable law. Veriti may retain Other Information pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping your Other Information after you have deactivated your account for the period of time needed for Veriti to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

How We Share And Disclose Information
Customers determine their own policies and practices for the sharing and disclosure of Information, and Veriti does not control how they share or disclose Information.
•Customer’s Instructions. Veriti will solely share and disclose Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and in compliance with applicable law and legal process.
•Third Party Service Providers. We may engage third party companies, for example, provide virtual computing and storage services, as service providers to process Other Information and support our business.
•During a Change to Veriti’s Business. If Veriti engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Veriti’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all Other Information may be shared or transferred, subject to standard confidentiality arrangements.
•Aggregated or De-identified Data. We may disclose or use aggregated or de-identified Other Information for any purpose. For example, we may share aggregated or de-identified Other Information with prospects.
•To Comply with Laws. If we receive a request for information, we may disclose Other Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process. Please see the Data Request Policy to understand how Veriti responds to requests to disclose data from government agencies and other sources.
•To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property or safety of Veriti or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
•With Consent. Veriti may share Other Information with third parties when we have consent to do so.

Security
Veriti takes the security of data very seriously. Veriti works hard to protect Other Information you provide from loss, misuse, and unauthorized access or disclosure. Given the nature of communications and information processing technology, Veriti cannot guarantee that Information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others.

Age Limitations
To the extent prohibited by applicable law, Veriti does not allow the use of our Services and Websites by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us.

Changes To This Privacy Policy
Veriti may change this Privacy Policy from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will post the changes to this page and encourage you to review our Privacy Policy to stay informed. If we make changes that materially alter your privacy rights, Veriti will provide additional notice, such as via email or through the Services. If you disagree with the changes to this Privacy Policy, you should deactivate your Services account. Contact the Customer if you wish to request the removal of Personal Data under their control.
International Data Transfers Privacy Shield And Contractual Terms
Veriti may transfer your Personal Data to countries other than the one in which you live. We deploy the following safeguards if Veriti transfers Personal Data originating from the European Union or Switzerland to other countries not deemed adequate under applicable data protection law:
•E.U.-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. To comply with European Union and Swiss data protection laws, Veriti Technologies, Inc. (“Veriti US”) self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. These frameworks were developed to enable companies to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States. For more information, including the types of Information covered, see Veriti US’s Privacy Shield Notice. To learn more about the Privacy Shield Program, please see http://www.privacyshield.gov/welcome.
•European Union Model Clauses. Veriti offers European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our Customers that operate in the European Union, and other international transfers of Customer Data. A copy of our standard data processing addendum, incorporating Model Clauses, is available here.

Data Protection Officer
To communicate with our Data Protection Officer, please email admin@Veriti.org.

Identifying The Data Controller And Processor
Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of information. In general, Customer is the controller of Customer Data. In general, Veriti is the processor of Customer Data and the controller of Other Information. Different Veriti entities provide the Services in different parts of the world. Veriti Technologies

Your Rights
Individuals located in certain countries, including the European Economic Area, have certain statutory rights in relation to their personal data. Subject to any exemptions provided by law, you may have the right to request access to Information, as well as to seek to update, delete or correct this Information. You can usually do this using the settings and tools provided in your Services account. If you cannot use the settings and tools, contact Customer for additional access and assistance.
To the extent that Veriti’s processing of your Personal Data is subject to the General Data Protection Regulation, Veriti relies on its legitimate interests, described above, to process your data. Veriti may also process

Data Protection Authority
Subject to applicable law, you also have the right to restrict Veriti’s use of Other Information that constitutes your Personal Data.

Contacting Veriti
Please also feel free to contact Veriti if you have any questions about this Privacy Policy or Veriti’s practices, or if you are seeking to exercise any of your statutory rights. You may contact us at admin@veriti.org or at our mailing address below:

Veriti
Suite 106.105
4200 Wisconsin Avenue, NW
Washigton DC 20016