Armadillex

Privacy and Data Protection Policy and Notice

Armadillex ("Armadillex" , "we", "us", "our" or the "Company") is a data protection management platform with a mission to make data protection management easy, convenient, and effective. We provide an AI-based data protection agreement analysis tool, and a platform that enables storing and analyzing data protection agreements ("DPA"), vendor relationships, breach notification management, updating DPAs and generating records of processing activities ("ROPA") (the "Platform"). Through the Platform, we make consulting and other services available to users (the "Services") provided directly by us or by our partners.

Armadillex respects the privacy of clients, users, people whose data is shared in the platform, website visitors, followers, staff, partners, vendors, service providers, and employment candidates and is committed to protecting the personal information that is shared with us (these and any others with respect to whom we collect Personal Data, shall collectively be referred to as "you" or "Data Subjects").

This policy and notice (the "Privacy Policy") explains the types of Personal Data we collect from you, that we receive about you or that you may provide in the course of your interest in our Services, during your usage of our Platform, during business transactions, conferences and engagements or when you visit our website. We are transparent about our practices regarding the information we collect, use, maintain and process and describe our practices in this policy and notice. Please read the following carefully to understand our practices regarding your Personal Data and how we will treat it.

For the purposes of the EU General Data Protection Regulation and the UK Data Protection Law 2018 (together the "GDPR"), as well as other applicable privacy laws, Armadillex is a data controller ("Controller") in relation to the Personal Data of those who contract with us, the representatives of our Clients and prospective clients, employees, partners, vendors and website visitors.

BY ACCESSING OR USING OUR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTAND, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY AND OUR TERMS OF SERVICE. IF YOU DO NOT AGREE TO THIS POLICY, PLEASE DO NOT USE OUR SERVICES.

  1. 1. WHICH INFORMATION MAY WE COLLECT?

    Summary: we collect various categories of Personal Data detailed below, from users, clients, vendors, applicants and others who are in contact with us.

    Personal Data (also known as 'personal information' or 'personally identifiable information') means information which identifies or is reasonably capable of being associated with a particular natural person. Personal Data does not include information that has been deidentified, aggregated or anonymized.

    You do not have any legal obligation to provide any Personal Data to Armadillex. However, we require certain information in order to perform contracts, for internal audit purposes or to provide any Services. If you choose not to provide us with certain information, then we may not be able to provide you or your organization with some or all of the Services.

    We collect several categories of Personal Data from a variety of sources while providing our Services and conducting our business, including those listed below.

    1. User data

      If you are a user of our Platform, we collect your Personal Data as necessary in order to provide you with our Services. This data is provided voluntarily by you in a variety of ways, including: during your registration to our Platform; during your ongoing use of our Platform; and when you contact us for support or other matters. This data includes your name, contact details, login credentials, Platform usage details, device and browser identifiers, and other data that you submit to us.

    2. Client and vendor data

      If you are a representative of a client or a vendor, or other business partner, we collect Personal Data when you or the organization you are associated with send it to us, including through registration and communication with us.

      We collect Personal Data required to provide Services when you register interest, or when you provide us such information through the Platform, or in meetings or conferences, or in the course of preparing a contract, or when contacting us or submitting requests for information or support, through your use of our website and Platform, by email, phone, or other ways in which you communicate and interact with us. This Personal Data generally includes your name (first and last), email address, phone number, job title, company name, country, Platform login credentials and other information you may choose to provide.

    3. Technical and behavioral information we collect through your use of our website and Platform

      When you are using our website and Platform, our systems collect and record the information relating to such usage, either independently or through the help of third-party services. This includes technical information and behavioral information such as the user's Internet protocol (IP) address used to connect your device to the Internet, your uniform resource locators (URL), operating system, type of browser, browser plug-in types and versions, screen resolution, Flash version, time zone setting and device details, and limited session replay data.

      We likewise place functional cookies essential for the working of the Platform on your browsing devices (see 'Cookies' section below).

    4. Employment candidates

      We collect Personal Data and other information relating to employment candidates, including name, address, email address, telephone number, and information on resumes. We may also collect information through notes on meetings, standardized tests, reports, references, interviewer impressions and such industry standard data, as well as data made publicly available or available to us on social networks.

  2. 2. WHAT ARE THE PURPOSES OF PERSONAL DATA WE COLLECT?

    Summary: we process Personal Data to provide our Services and, operate our website and Platform, meet our obligations, protect our rights and manage our business.

    We will use Personal Data to provide and improve our Services to our Clients and others, operate our website and Platform and meet our contractual, ethical and legal obligations. All Personal Data will remain accurate, complete and relevant for the stated purposes for which it was processed, including for example:

    Processing which is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract:

    • carrying out our obligations arising from any contracts entered into between you and Armadillex and/or any contracts entered into with Armadillex and to provide you with the information, support and Services that you request from Armadillex;
    • verifying and carrying out financial transactions in relation to invoicing and payments you make in connection with the Services.

    Processing which is necessary for the purposes of the legitimate interests pursued by Armadillex or by a third party of providing efficient and effective Services to Clients:

    • notifying you about changes to our Platform and Services;
    • contacting you to give you industry updates or promotional information about data protection, and related content and webinars, or additional Services offered by Armadillex which may be of interest to you (after you provide consent, when required under applicable law). You can unsubscribe from these communications at any point;
    • for marketing purposes;
    • soliciting feedback in connection with the Services;
    • tracking use of our website and Platform to enable us to optimize them;
    • contacting you to ask if you agree to provide a testimonial on our website or to act as a reference;
    • if you are a potential client or partner - contacting you in order to interest you in our Services;
    • anonymizing personal data in order to provide Clients with statistical aggregated data in connection with the Services, or to publish anonymized, aggregated data of interest to the industry;
    • for security purposes and to identify and authenticate your access to the login zone;
    • to enforce and defence our rights and those of our clients, partners, staff and third parties.

    Processing which is necessary for compliance with a legal obligation to which Armadillex is subject or for exercising and defending legal claims:

    • compliance and audit purposes, such as meeting our reporting obligations in our various jurisdictions, anti-money laundering, tax related obligations, and for crime prevention and prosecution in so far as it relates to our staff, clients, service providers, facilities etc;
    • if necessary, we will use Personal Data to enforce our terms, policies and legal agreements, to comply with court orders and warrants and assist law enforcement agencies as required by law, to collect debts, to prevent fraud, infringements, identity thefts and any other service misuse, and to take any action in any legal dispute and proceeding.

  3. 3. SHARING DATA WITH THIRD PARTIES

    Summary: we share Personal Data with our service providers, partners, and group companies, and authorities where required.

    We transfer Personal Data to:

    Members of our Group: If in the future we have affiliates - which means affiliate companies - whether wholly or partially owned by Armadillex, and co-owned companies – we will transfer Personal Data to them.

    Third Parties. We transfer Personal Data to third parties in a variety of circumstances. We endeavor to ensure that these third parties use your information only to the extent necessary to perform their functions, and to have a contract in place with them to govern their processing on our behalf. These third parties include business partners, suppliers, affiliates, agents and/or sub-contractors for the performance of any contract we enter into with you. They assist us in providing the Services we offer, processing transactions, fulfilling requests for information, receiving and sending communications, analyzing data, providing IT and other support services or in other tasks, from time to time. These third parties also include analytics and search engine providers that assist us in the improvement and optimization of our website, Platform and marketing.

    We periodically add and remove third party providers. At present services provided by third-party providers to whom we transfer Personal Data include also the following:

    • Website analytics and hosting;
    • Document management and sharing services;
    • Client ticketing and support;
    • On-site and cloud-based database services;
    • Authentication and pseudonymization services;
    • CRM software;
    • Data security, data backup, and data access control systems;
    • Our lawyers, accountants, and other standard business software and partners.

    In addition, we will disclose Personal Data to third parties if some or all of our companies or assets are acquired by a third party including by way of a merger, share acquisition, asset purchase or any similar transaction, in which case Personal Data will be one of the transferred assets. Likewise, we transfer Personal Data to third parties if we are under a duty to disclose or share your Personal Data in order to comply with any legal or audit or compliance obligation, in the course of any legal or regulatory proceeding or investigation, or in order to enforce or apply our terms and other agreements with you or with a third party; or to assert or protect the rights, property, or safety of Armadillex, our clients, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.

    For avoidance of doubt, Armadillex may transfer and disclose non-Personal Data to third parties at its own discretion, including data anonymized or aggregated by Armadillex.

  4. 4. WHERE DO WE STORE YOUR DATA?

    Summary: we store your Personal Data across multiple locations globally

    We store your Personal Data on servers owned or controlled by Armadillex, or processed by third parties on behalf of Armadillex, by reputable service providers (see the following section regarding international transfers).

  5. 5. INTERNATIONAL DATA TRANSFERS

    Summary: we transfer Personal Data within and to the EEA, UK, USA, Israel and elsewhere, with appropriate safeguards in place.

    Personal Data collected in the EU and UK is transferred to, and stored and processed at, a destination outside the European Economic Area (EEA) and the UK. This includes transfers to Israel, a jurisdiction deemed adequate by the EU Commission. It may in the future be transferred to the USA, not currently deemed adequate.

    Where your Data is transferred outside of the EEA or UK, we will take all steps reasonably necessary to ensure that your Data is subject to appropriate safeguards, including entering into contracts that require the recipients to adhere to data protection standards that are considered satisfactory under EU law and other applicable, and that it is treated securely and in accordance with this Privacy Policy. Transfers from the EEA to Israel are made based on an adequacy ruling by the EU Commission. Transfers from the EEA to the USA are made based on the Standard Contractual Clauses published by the EU Commission (Module 2 or Module 3 as appropriate). Transfers from the UK to the EEA and to Israel and made based on UK's adequacy regulations. Transfers from the UK to the USA are made based on the UK's International Data Transfer Addendum to the EU Commission Standard Contractual Clauses. For more information about these safeguards, please contact us as detailed below.

    We transfer Personal Data to locations outside of the EEA as above in order to:

    • store or backup the information;
    • enable us to provide you with the Services and fulfill our contract with you;
    • fulfill any legal, audit, ethical or compliance obligations which require us to make that transfer;
    • facilitate the operation of our group businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights;
    • to serve our clients across multiple jurisdictions;
    • to pursue and give effect to corporate transactions; and
    • to operate our affiliates in an efficient and optimal manner.

  6. 6. DATA RETENTION

    Summary: we retain Personal Data according to our data retention policy, as required to provide our Services, meet our obligations, protect our rights, and manage our business.

    Armadillex will retain Personal Data it processes only for as long as required in our view, to provide the Services, and as necessary to comply with our legal and other obligations, to resolve disputes and to enforce agreements. We will also retain Personal Data to meet any audit, compliance and business best-practices.

    If you would like the Personal Data associated with your Platform account deleted, please contact us at [email protected]. Subject to applicable laws (see "Data Subject Rights" bellow) the deletion of your account may not remove records of past use of the Service. Such data may be maintained and/or deleted in the ordinary course of Armadillex's business. Some data may also be retained on our third-party service providers' servers until deleted in accordance with their privacy policy and their retention policy, and in our backups until overwritten. Armadillex will take reasonable steps to protect against unauthorized access to or use of any personal information contained in records that are deleted from our system

    Data that is no longer retained will be anonymized or deleted. Likewise, some metadata and statistical information concerning the use of our website, Platform and Services are not subject to the deletion procedures in this policy and will be retained by Armadillex. We will not be able to identify you from this data.

  7. 7. SERVICES AND WEBSITE DATA COLLECTION AND COOKIES

    Summary: with your consent, we place cookies on your device. You control our use of cookies through a cookie management tool on our websites, or through your device and browser.

    Armadillex uses cookies, pixel tags and other forms of identification and local storage (together referred to below as "cookies") to distinguish you from other users of the website and of websites of our network. This helps us to provide you with a good user-experience when you browse the website and websites of our network and also allows us to improve our website and our Services.

    In many cases, these cookies lead to the use of your device's processing or storage capabilities. Some of these cookies are set by us, others by third parties; some only last as long as your browser session, while others can stay active on your device for a longer period of time.

    These cookies can fall into several categories: (i) those that are necessary for functionality or Services that you request or for the transmission of communications (functionality cookies); (ii) those that we use to carry out website performance and audience metrics (analytics cookies) and (iii) the rest (tracking across a network of other websites, advertising, etc.) (other cookies).

    Internet browsers allow you to change your cookie settings, for example to block certain kinds of cookies or files. You can therefore block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies, you may not be able to access all or parts of the website, due to the fact that some may be functionality cookies.

    Functionality cookies do not require your consent. For other cookies, however, we request your consent before placing them on your device. You can allow cookies in your browser settings and use our website cookie management too.

    To consult the list of cookies which we use on our website, please check your browser's settings or see the full list of our cookies, their category, purpose and duration by clicking "customize" on our cookie banner.

  8. 8. SECURITY AND STORAGE OF INFORMATION

    Summary: we take data security very seriously, invest in security systems, and train our staff. In the event of a breach, we will notify the right people as required by law.

    We take great care in implementing, enforcing and maintaining the security of the Personal Data we process. Armadillex implements, enforces and maintains security measures, technologies and policies to prevent the unauthorized or accidental access to or destruction, loss, modification, use or disclosure of Personal Data. We likewise take steps to monitor compliance of such policies on an ongoing basis. Where we deem it necessary in light of the nature of the data in question and the risks to data subjects, we encrypt data in transit and at rest. Likewise, we take industry standard steps to ensure our website, Platform and Services are safe and to prevent unauthorized access to our data bases. Other security safeguards include, but are not limited to, multi-factor authentication, anti-virus, audit logs, strict access controls, breach detection systems and physical access controls to our systems.

    Note however, that no data security measures are perfect or impenetrable, and we cannot guarantee that unauthorized access, leaks, viruses and other data security breaches will never occur.

    Within Armadillex, we endeavor to limit access to Personal Data to those of our personnel who: (i) require access in order for Armadillex to provide its Services and fulfill its obligations, including also under its agreements, and as described in this Privacy Policy, and (ii) have been appropriately and periodically trained with respect to the requirements applicable to the processing, care and handling of the Personal Data, and (iii) are under confidentiality obligations as may be required under applicable law.

    Armadillex acts in accordance with its policies and with applicable law to promptly notify the relevant authorities and data subjects in the event that any Personal Data processed by Armadillex is lost, stolen, or where there has been any unauthorized access to it, all in accordance with applicable law. Armadillex promptly takes reasonable remedial measures.

  9. 9. DATA SUBJECT RIGHTS

    Summary: depending on the law that applies to your Personal Data, you may have various data subject rights, such as rights to access, erase, and correct Personal Data, and information rights. We will respect any lawful request to exercise those rights.

    Data subjects in the EU or UK, or other individuals with respect to whom other data protection laws apply, have rights under GDPR and applicable laws, including, in different circumstances, rights to data portability, rights to access data, rectify data, object to processing, and erase data.

    A data subject who wishes to modify, delete or retrieve their Personal Data, or to otherwise exercise their data subject rights, may do so by contacting Armadillex ([email protected]).

    Note that Armadillex may have to undertake a process to identify a data subject exercising their rights. Armadillex may keep details of such rights exercised for its own compliance and audit requirements. Please note that Personal Data may be either deleted or retained in an aggregated manner without being linked to any identifiers or Personal Data, depending on technical commercial capability. Such information may continue to be used by Armadillex.

    It is clarified that where Personal Data is provided by a client being the data subject's employer or otherwise their data controller, such data subject rights will have to be effected through that controller. In addition, data subject rights cannot be exercised in a manner inconsistent with the rights of Armadillex employees and staff, with Armadillex proprietary rights, and third-party rights. As such, job references, reviews, internal notes and assessments, documents and notes including proprietary information or forms of intellectual property, cannot be accessed or erased or rectified by data subjects. In addition, these rights may not be exercisable where they relate to data that is not in a structured form, for example emails, or where other exemptions apply. If processing occurs based on consent, data subjects have a right to withdraw their consent.

    Data subjects in the EU, UK and other locations have the right to lodge a complaint, with a data protection supervisory authority in the place of their habitual residence. If the supervisory authority fails to deal with a complaint, you may have the right to an effective judicial remedy.

  10. 10. CALIFORNIA ONLINE PRIVACY PROTECTION ACT NOTICE

    Do Not Track ("DNT") is a privacy preference that users can set in certain web browsers to inform websites that they do not want to be tracked. We do not respond to or honor DNT signals.

  11. 11. CPRA

    Armadillex does not meet the threshold of the California Privacy Rights Act of 2020 ("CPRA"), and therefore its data processing activities as a Business (such as regarding Website visitor data) are not governed by the CPRA. Armadillex acts as a Service Provider (as defined in the CPRA) on behalf of its customers regarding customer Platform users, and, where the CPRA is applicable to its customers, Armadillex is committed to processing Personal Information on their behalf in accordance with the CPRA.

  12. 12. MINORS

    We do not knowingly collect or solicit information or data from or about children under the age of 16 without parental consent, or knowingly allow children under the age of 16 to register to our Platform. If you are under 16, do not register or attempt to register for any of the Armadillex Services or send any information about yourself to us. If we learn that we have collected or have been sent Personal Data from a child under the age of 16 without appropriate permissions, we will delete that Personal Data as soon as reasonably practicable without any liability to Armadillex. If you believe that we might have collected or been sent information from a minor under the age of 16, please contact us at: [email protected], as soon as possible.

  13. 13. THIRD PARTY LINKS

    In the future, we may include third party links on our website. Please note that this privacy policy only applies to the Personal Data that we (or third parties on our behalf) collect from or about you and we cannot be responsible for personal information collected and stored by third parties. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to these websites. We do not endorse or otherwise accept any responsibility or liability for the content of such third-party websites or third-party terms and conditions or policies.

  14. 14. CHANGES TO THIS PRIVACY POLICY

    The terms of this Privacy Policy will govern the use of the website, and any information collected in connection with Armadillex's contractual obligations, Services and Platform. Armadillex may amend or update this Privacy Policy from time to time. The most current version of this Privacy Policy will be available at: https://Armadillex.com/privacy-policy/. Changes to this Privacy Policy are effective as of the stated "Last Revised" date and your continued use of our Services will constitute your active acceptance of the changes to and terms of the Privacy Policy. If you would like to prior notice of changes to this privacy policy, write us to request to be added to the update list at [email protected].

  15. 15. CONTACT US

    Armadillex aims to process only adequate, accurate and relevant data limited to the needs and purposes for which it is gathered. It also aims to store data for the time period necessary to fulfill the purpose for which the data is gathered. Armadillex only collects data in connection with a specific lawful purpose and only processes data in accordance with this Privacy Policy. Our policies and practices are constantly evolving and improving, and we invite any suggestions for improvements, questions, complaints or comments concerning this Privacy Policy, you are welcome to contact us (details below) and we will make an effort to reply within a reasonable timeframe.

    Armadillex's data protection officer (DPO), and its appointed GDPR Article 27 representative, MyEDPO, may both be contacted at: [email protected].

    * * * * *

Last Revised: February 28, 2023