Privacy Policy
Please read this “Privacy Notice” carefully. This Privacy Notice describes the data collection, use, protection, and privacy practices of Cassidy, Inc. (hereinafter, “Cassidy”, “we”, “our” or “us”) in connection with our products, services, and business. If you have any questions regarding this Privacy Notice and/or our data practices, please Contact Us.
By visiting, accessing, or using any of our Services (as defined in Section 1 below – Cassidy’s Services and Scope of Privacy Notice) you acknowledge and agree that you have received and reviewed this Privacy Notice. We may update this Privacy Notice as described in Section 3 below - Changes to this Privacy Notice.
Please also review the applicable Terms of Service, which also apply to the use of our Services. Terms that are defined in the Terms of Service have the same meaning in this Privacy Notice unless this Privacy Notice specifies differently.
If you're a resident of California or Nevada or visiting us from the European Economic Area ("EEA"), Switzerland, United Kingdom (“UK”), or other Non-U.S. Territory, you should read the applicable sections below for specific rights applicable to residents of California, Nevada, and Europe and other Non-U.S. Territories.
1. Cassidy’s services and scope of privacy notice
Cassidy’s Services
Cassidy owns, operates, and provides:
our “Websites” located at https://www.cassidyai.com/, their subdomains, and any other websites that include an authorized link to this Privacy Notice; and
Cassidy’s proprietary business automation and management hosted software platform (the “Platform”); and
When we refer to the “Services” throughout this Privacy Notice, we mean, collectively, the Websites, the Platform, and any other websites, services, and/or applications provided by us and that include a link and/or reference to this Privacy Notice, and any related services and/or new features and/or functionality provided by us through or in connection with any of the foregoing.
Scope of this Privacy Notice
This Privacy Notice applies to personal data that may be collected, received, and processed by us relating to:
“Visitors” browsing or using our Websites or who interact with us through any pages or feeds of our accounts on any social media sites or platforms, such as through LinkedIn, Twitter, and/or any Meta platforms (“Social Media Platforms”).
“Customers” who have entered into Cassidy’s terms of use, terms of service, or other agreement with Cassidy for the use of the Platform (and related Services) (the “Customer Agreement”), and, where applicable as described in Section 2 below, the employees, contractors, agents, or representatives of the relevant Customer that have been authorized to use, or otherwise accessing, the Platform (and related Services) on behalf the Customer (“Authorized Users”).
All other users of the Services, whether registered or unregistered (together with Visitors, Customers and Authorized Users, collectively, “Users”).
The term “personal data” means any information about an individual from which that person may be identified. For example, it may include a person’s name, telephone number, email address, IP Address, or other unique identifiers. It does not include data from which the identity of an individual has been definitively removed along with any identifiers connected to such individual (also known as anonymous or anonymized data).
2. Important Note Regarding Information Controlled by Our Customers
Our Customers control the collection, use, and processing of personal data and other information that is submitted, uploaded, and/or otherwise provided in connection with their use of the Services, which may include personal data that relates to Authorized Users.
Such personal data is collected and processed by Cassidy on behalf of the Customer pursuant to the Customer Agreement. Under relevant data protection laws, Cassidy acts as the “data processor” or “service provider” on behalf of the applicable Customer who is the “data controller” or “business”.
Our Customers determine their own policies for handling personal data, and Cassidy does not control our Customer’s policies or the manner in which they handle personal data. Except where there is a specific reference to an Authorized User expressly stated herein, this Privacy Notice does not apply to personal data of Authorized Users that we process on behalf of our Customers.
If you are an Authorized User, you are responsible for reviewing the policies, including any privacy policies, of the relevant Customer. If you have questions regarding how a Customer processes your personal data or if you wish to exercise a data rights request as applicable under relevant data protection law, please contact the applicable Customer. Please note that if you submit any such request to us, we will forward it to the applicable Customer.
3. Changes to this Privacy Notice
Cassidy reserves the right to update or modify this Privacy Notice at any time. Except for material changes as described below in this Section, all updates and modifications to this Privacy Notice will be effective from the day they are posted on our Privacy Notice page. If we make any material changes to this Privacy Notice, we will provide you with reasonable notice prior to such change taking effect by sending a notification to the email address we have on file for you, and may also post a prominent notice of any such changes on our Websites. Material changes to this Privacy Notice will become effective on the date set forth in the notice, and all other changes will become effective from the day they are posted on our Websites. It is your responsibility to regularly visit and review this Privacy Notice.
If you do not agree to any updates or modifications to the Privacy Notice, cease all use of the Services. Continued use of the Services by you, or, if you are a Customer, any of your Authorized Users, after the applicable effective date of the revised Privacy Notice, signifies to us that you acknowledge and agree to be bound by the revised Privacy Notice.
4. Information We Collect
We collect information provided directly by Visitors, Customers and Users, as explained in the Section Information Provided Directly by Users, and in certain circumstances, we automatically collect certain information when accessing or using the Services as explained in the Section Information Collected Automatically. In addition, we may receive personal data from third party sources as described in the Section Information Collected from Third Party Sources.
a. Information Provided Directly by Users
The personal data we collect in connection with the use of the Services depends on how and why you use the Services. For example, the information that we may process about Visitors is more limited than the information we may process if you are a Customer. Note that you may choose not to provide personal data directly to us or to not use the Services. However, some personal data is necessary so that we can provide you with the Services you have requested. Failure to provide this information may prevent us from providing you with access to our Services.
Account Data: If you register an account for the Services (“Account”), we will collect contact and other information such as your name (first and last), email address, phone number, business address, and the name of your employer, your occupation and/or profession
Login Credentials: When you login to your Account as a registered user, we collect your username, password and/or other login credentials.
Customer Content: We collect and process the data, text, images, recordings, videos, materials, and other information submitted, uploaded, and/or otherwise provided by or on behalf of Customer’s and/or Authorized User’s in connection with the use of the Services (collectively, “Customer Content”). Customer Content is controlled by our Customers, and we collect and process such information solely on behalf of the applicable Customer in accordance with the Customer Agreement entered into with such Customer.
Payment Transaction Information: If you purchase access to the Services, we may collect certain limited payment information (for example, partial payment or credit card information, and limited transaction information like the date of purchase). Cassidy does not directly collect or store any payment information. Payment information (including the limited information we receive described here), is collected and processed by our third-party payment processors. For more information, please see the Payment Processors section of this Privacy Notice.
Contact Information: Contact information, such as first and last names, and/or email addresses collected through our sign-up forms to receive our marketing communications and/or newsletters.
User Submissions - Surveys, Feedback, Communications & Support: We collect the information, data, content, documents and/or materials you provide or submit to us when you fill out forms, answer surveys, or contact us (such as your feedback, requests for support, or other communications with us).
Usage Data: We collect Usage Data as described below in the Section titled Information Collected Automatically.
Please be advised that we may ask you to update your information from time to time in order to keep it accurate. Additionally, if you provide personal data to us about someone else, you must ensure that you are entitled to disclose that information to us and, without us having to take any further steps required by data protection laws, that we may collect, use and disclose such information for the purposes described in this Privacy Notice. For example, you should ensure the individual concerned is aware of the terms detailed in this Privacy Notice and that they have not objected or do not object to you sharing their information with us.
b. Information Collected Automatically
When you visit, use, or interact with the Services, we may receive the following information about your visit, use, or interactions (collectively, “Usage Data”). Typically, this data is transmitted and collected automatically (without action by you) using cookies and similar technologies as described in Section 4 below.
Log Data: Information that your browser or device automatically sends when you use our Services. Log data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interact with our Services.
Usage and Analytics: Information and analytics about your use of the Services, such as the types of content that you view or engage with, the features you use and the actions you take, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, your computer connection, searches and other actions you take, websites, apps and/or ads that referred you to the website, advertising and language preferences.
Device Information: Information regarding the device used to access the Services, which may depend on the type of device you use and its settings, but generally includes, name of the device, operating system, system configuration information, device identifiers, and browser you are using.
c. Information Collected from Third Party Sources
In some instances, we process personal data from third parties, which consists of:
Our Customers: We may receive personal data from our Customers. For example, we receive Customer Content, which may contain personal data, and we may receive other information from our Customers about their Authorized Users). We use this information to provide the Services to the Customer pursuant to the Customer Agreement.
Service Providers: We receive information from third party service providers as described in Section 9.a below (“Service Providers”), that help us in the operation, provision, administration and management of the Services, such as our cloud or hosting service providers, customer support providers, and our analytics providers.
Third Party Integrations: If you use any products, services, software, content, and/or features (including, without limitation, data products and services) that Cassidy has integrated with, and/or has otherwise made accessible for use through, our Services (collectively, “Third Party Integrations”), we may receive information about you from the providers of such Third Party Integrations or through the integration related to your use thereof in connection with our Services.
Other Third Parties & Sources: We may receive data and information from third party partners, and/or other data licensors and/or providers that we have a relationship with, and/or information collected from publicly available sources, such as online business profiles, social media accounts, and/or webpages, which may include your name, or a publicly available business address, and related activity on such profiles, social media accounts, and/or webpages.
Social Media Networks: If you interact with us through any Social Media Platforms, we may collect information such as your name, username, demographic information, contact information such as email address, location, interests, and publicly posted data such as your social media activity.
d. Aggregated or De-Identified Data
With the personal information and other data (including, Usage Data) collected by us, we may aggregate or de-identify such data and information so that it can no longer be used to identify you. We use this information to analyze the effectiveness of our Services, to improve and add features to our Services, to conduct research and for other similar purposes. In addition, from time to time, we may share or publish aggregated information like general user statistics with third parties. We collect this information through the Services, through cookies, and through other means described in this Privacy Notice. We will maintain and use de-identified information in anonymous or de-identified form and we will not attempt to re-identify the information, unless required by law.
5. Cookies & Similar Technologies
We or authorized third parties or agents may collect certain information by automated means using cookies and/or similar technologies such as, web beacons, embedded scripts, pixels, and browser analysis tools (collectively, “Cookies”). Cookies collect information such as Usage Data.
We may also use third party advertising partners (e.g., Google, Bing, LinkedIn, and Meta) who use targeting/advertising Cookies to deliver advertisements that are more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaigns. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organizations such as advertisers.
For more information on our use of Cookies, please see our Cookie Policy.
6. Payment Processors
Cassidy does not directly collect or store your payment information. We use third-party, PCI-compliant payment processors to collect and process payments on our behalf. Our payment processors may provide us with limited information to confirm the transaction. Information collected by these third-party payment processors is governed by the applicable third-party payment processor’s privacy policy. You should review the applicable privacy policy prior to submitting any information to the applicable third-party payment processors.
7. Children’s Privacy
Cassidy does not target the Services to persons under the age of 18, nor does Cassidy knowingly collect personal data of persons under the age of 18. Therefore, we ask you not to provide us with personal data of persons under the age of 18. If we learn that personal data of persons under the age of 18 has been collected on or through the Services, then we may deactivate the Account or otherwise terminate access to the Services and/or make the information inaccessible.
8. Sensitive Data
Cassidy does not require you to provide any sensitive data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health and genetics, or biometric data to use the Services.
9. Cassidy’s Purposes for Collecting and Using Personal Data
Depending on whether you are a Visitor, Customer or User, and how you use or interact with the Services, Cassidy processes personal data for the following purposes:
Providing, Customizing and Improving our Products and Services
To host the Websites and the online aspects of the Services.
To perform and provide the Services to our Users.
To enable access to Third Party Integrations that you use in connection with the Services.
To maintain, enable, upgrade, update, improve, and/or enhance the Services, and develop new features, functionality, and/or other products and services.
To conduct analytics related to the Services, such as to understand how they are being used and where improvements may be needed.
To personalize our Services, such as remembering your information so that you will not have to re-enter it during your visit or the next time you visit the Services.
To detect any fraudulent or illegal activity against Cassidy, you, and our other Users.
The use and transfer of raw or derived user data received from Google Workspace APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Data obtained through Google Workspace APIs is used only to deliver the requested functionality of the Services; we do not retain, use, or share this data to develop, improve, or train generalized AI or machine-learning models.
Marketing our Product and Services
To provide customized advertisements, content, and information regarding our Services, where and as permitted under applicable law.
Deliver direct marketing communications to you regarding our products and services that we may think are of interest to you.
Communicating with Users
Respond to your queries and requests, or otherwise communicate directly with you.
To keep you updated about changes to policies related to the Services (including this Privacy Notice).
Meeting Legal Requirements and Enforcing Legal Terms (as further described below in Legal Obligations and Security)
To comply with a legal or regulatory obligation (for example, keeping records of our sales for tax compliance) and investigating security incidents.
Protecting the rights, property or safety of you, Cassidy or another party.
To respond to regulatory bodies when legally required (for example, responding to a valid court order).
To enforce our rights under our contracts and agreements.
10. Sharing Personal Data
Aside from disclosing your information to those of our employees, contractors and agents who are authorized to process the information in order to provide the Services and who are committed to confidentiality, we disclose your personal data only to the third parties as described below.
a. Service Providers
We share personal data with our Service Providers that help us in the operation, provision, administration and management of the Services, and to otherwise operate our business. Depending on how you use the Services, the following categories of third parties collect or receive personal data on our behalf as our Service Providers:
Hosting providers;
Internet Service providers;
Analytics providers,
Marketing and Advertising providers,
Payment processing providers;
Providers of business operations and communication tools;
Other third-party service providers that help us provide features and functions for the Services (e.g., customer support providers), and
Professional service providers, such as auditors, lawyers, consultants, accountants and insurers.
For a list of all Service Providers we use, please contact us via email at support@cassidyai.com. We require all Service Providers to respect the security of your personal data and to treat it in accordance with the law.
b. Disclosures Directed by our Customers
We will share and disclose personal data of Authorized Users with the relevant Customer and otherwise in accordance with the Customer’s instructions, including any applicable terms in the Customer Agreement.
If you are an Authorized User of a Customer, please contact the relevant Customer to learn more about how your information may be used, shared and/or disclosed by us on their behalf.
c. Third Party Integrations
When you interact with and/or use Third Party Integrations, certain information may be exchanged between Cassidy and the provider of the applicable Third Party Integration.
Note that the Third Party Integrations you choose to interact with and/or use, and their providers, are not our service providers. The applicable providers of Third Party Integrations may use personal information differently than we do and we do not control their use of your information. Please review the privacy notices for the Third Party Integrations that you use in connection with the Services.
d. Business Transfers
We may also share data with third parties to whom we choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.
e. Affiliates and Subsidiaries
Personal data that we collect about you may be shared with the employees, contractors, and agents of Cassidy and our affiliated and subsidiary entities (“Affiliates”) who are involved in providing or improving the Services that we offer to you. We obligate the employees, contractors and agents of Cassidy and our Affiliates to ensure the security and confidentiality of your personal data and to act on that personal data only in a manner consistent with this Privacy Notice.
f. Legal Obligations and Security
Regulatory and Government Bodies – Compliance with Law
We may disclose your information to regulatory agencies and official government bodies, as required to comply with or satisfy any laws, rules, or regulations applicable to Cassidy.
Required Disclosures – Responding to Legal Orders
If we are required to disclose personal data by law, such as pursuant to a subpoena, warrant or other judicial or administrative order, our policy is to respond to requests that are properly issued by law enforcement within the United States. Under such circumstances, unless prohibited by applicable law, we will attempt to provide you with prior notice that a request for your personal data has been made in order to give you an opportunity to object to the disclosure. We will attempt to provide this notice by email, if you have given us an email address. However, government requests may include a court-granted non-disclosure order, which prohibits us from giving notice to the affected individual. In cases where we receive a non-disclosure order, we will notify you when it has expired or once we are authorized to do so.
If you are an Authorized User of a Customer, please consult with the relevant Customer to learn more about how they respond to requests for information pursuant to legal orders.
Exigent Circumstances & Enforcement/Protection of Our Rights
Your information, including the contents of all of your online communications in our Services and between you and Cassidy may be accessed and monitored as needed to provide our Service and may be disclosed to law enforcement, regulatory agencies, official government bodies, and other third parties, as we, in our sole discretion, believe necessary or appropriate:
To enforce our rights under our Terms of Service Agreement, and any other terms of use, terms of service, customer agreements and/or any other terms and conditions applicable to the use of the Services;
In connection with an investigation of fraud, intellectual property infringement, piracy or other unlawful activity or activity that may expose us or our affiliates, partners and/or agents to legal liability; and/or
If we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person.
g. With Your Consent
There may be situations where you are asked to consent to share personal data with third parties for additional reasons not included in this Privacy Notice. In such event, we will only share such personal data if we have received your prior consent and only for the purposes as listed in the request to share such information.
Except where otherwise required by applicable law, your consent for the use and/or disclosure of your personal data in specific situations will continue in full force and effect until you revoke that consent, which you may do by contacting us via email at support@cassidyai.com. For the avoidance of doubt, the revocation of consent shall only apply to the use the information after our receipt and processing of such request (which we shall process promptly and in accordance with applicable law), and not to any use or disclosure prior to such revocation in compliance with your consent.
11. Marketing Communications
If you have not otherwise opted out (or with your consent where required by applicable law), or if you have opted in to receive direct marketing emails from us, we may use your personal data to send you marketing information about the Cassidy business, our Services, new product releases, new feature releases of the Services, and/or other products and services, that we think may interest you. We carry out direct marketing by email.
If you no longer wish to receive marketing communications, you have the right at any time to opt out as further explained in Your Choices.
12. Your Choices
a. Accessing, Updating and Correcting Personal Data
If you would like to access, update, and correct personal data, please contact us via email at support@cassidyai.com, and we will use reasonable efforts to correct and/or update such information.
Please note that if you are an Authorized User, any request to correct, access, update or delete your personal data will need to be directed to the applicable Customer.
b. Direct Marketing
You may manage the receipt of marketing and non-transactional communications sent by email by clicking on the “unsubscribe” link located on the bottom of any of our marketing e-mails.
We will use commercially reasonable efforts to process such requests in a timely manner. Note that you cannot opt out of receiving transactional e-mails or communications related to the Services (e.g., requests for support), which, for clarification, are not marketing communications.
c. Cookies & Targeted Advertising
You can manage your cookie and tracking preferences as described in our Cookie Policy.
d. Additional Data Subject Rights
If you are visiting from the EEA, Switzerland or UK, or from another territory outside the U.S., you may have additional rights you can exercise as described here.
In addition, if you are an Authorized User of a Customer that is a “controller” or “business” under relevant data protection laws of the United States, you may have additional data subject rights depending on the location of the Customer or where you reside. These rights may include the right to:
Access your personal data and information relating to how it is processed.
Delete your personal data.
Rectify or update your personal data.
Transfer your personal data to a third party (right to data portability).
Restrict how your personal data is processed.
Withdraw your consent—where consent is relied on as the legal basis for processing at any time.
Object to how your personal data is processed.
To be informed of any automated decision-making and profiling based on your personal data.
Lodge a complaint with your local data protection authority.
If you have inquiries about your applicable data subject rights, please contact the relevant Customer. As the “processor” or “service provider” of our Customers under relevant data protection laws, we will comply with their instructions and applicable law in responding to data subject requests pursuant to the Customer Agreement. Please note that if you submit a data subject request to us, we will forward it to the relevant Customer.
13. Data Retention
Personal data is processed for the period necessary to fulfill the purposes for which it is collected, to comply with legal and regulatory obligations and for the duration of any period necessary to establish, exercise or defend any legal rights.
Typically, we retain personal data about you for as long as you have an Account with us or as otherwise necessary to provide you with our Services. In some cases, we retain personal data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation.
In order to determine the most appropriate retention periods for your personal data, we consider the amount, nature and sensitivity of your information, the reasons for which we collect and process your personal data, and applicable legal requirements.
In some instances, we may choose to anonymize personal data instead of deleting it. When we choose to anonymize, we make sure that there is no way that the personal data can be linked back to any specific individual.
If you are an Authorized User of a Customer, contact the relevant Customer regarding the Customer’s data retention policies.
14. Data Security and Protection
We have put in place reasonable and appropriate security measures designed to prevent your personal data from being accidentally lost, altered, disclosed, used or accessed in an unauthorized way. For example, we may use encryption, firewalls, and password protection. In addition, we limit access to personal data to those employees, agents, contractors and the third parties who have a business need-to-know. We also have procedures in place to deal with any suspected data security breach.
However, no method of transmission over the Internet, or method of electronic storage, is 100% secure, and while we take reasonable steps to provide secure services, by using the Services, you understand and assume the risks associated with your activities on the internet.
Additionally, we cannot control the actions of other Users with whom you may choose to share your information. Further, even after information posted on the Services is removed, caching and archiving services may have saved that information, and other Users or third parties may have copied or stored the information available on the Services. To the fullest extent permitted under applicable law, we cannot and do not guarantee that information you post on or transmit to the Services will not be viewed by unauthorized persons.
15. Third Party Social media Plug-Ins
On or through the Services we may provide third-party “share” buttons which enable you to share certain content via social media sites (e.g., Facebook, Twitter, Instagram, YouTube, and LinkedIn). These “share” buttons may function as web beacons when you interact with the button. Please note that when you “share” using the buttons, you may send to the third party provider of the “share” button the information that you are viewing. If you are not logged into your account with the third party provider, then the third party may not know your identity. If you are logged in to your account with the third party, then the third party may be able to link information or actions about your interactions with the Services to your account with the applicable third party provider. Please refer to each third party’s privacy policies to learn more about its data practices.
16. External Websites
On or through the Services we may provide or make available, for informational purposes only, links to other websites or resources with which we do not have a contractual relationship and over which we do not have control (“External Websites”). Such links do not constitute an endorsement by Cassidy of those External Websites, and are provided to you only as a convenience. By clicking on links to External Websites, the operators of the External Websites may collect your personal data. We are not responsible for the content or data collection practices of those External Websites, and your use of External Websites is subject to their respective terms of use and privacy policies.
17. Notice to California Residents - Shine the Light Disclosure
California residents who have provided us with personal data have the right (under California Civil Code§ 1798.83) to request and obtain from us, once each year, the details of any personal data we shared with a third party for that third party’s direct marketing purposes during the prior calendar year. The details would include the categories of personal data and the names and addresses of the third party with which it was shared.
To request information about this sharing, you may submit a request via email to support@cassidyai.com with "Your California Privacy Rights" in the subject line, along with your first and last name, and complete mailing address (including street address, city, state, and zip code).
18. Notice to Nevada Residents
Under Nevada law, Nevada “consumers” (individuals who are seeking or acquiring goods/services for personal, family, or household purposes) may opt out of the sale of covered personal information.
Cassidy does not currently sell covered information of Nevada consumers as defined under applicable Nevada law.
You may submit an opt-out request by sending your request to support@cassidyai.com, along with your full name, complete mailing address (including street address, city, state, and zip code), email address (so that we can contact you, if needed, in connection with the request) and confirmation that you are a Nevada resident.
19. Notice to European and Non U.S. Residents
This notice supplements the information provided in this Privacy Policy to address certain disclosures under the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other similar comprehensive data protection law and applies only to individuals who are within the scope of this Privacy Notice and located in the EEA, UK, Switzerland, or another country with a similar comprehensive data protection law.
For the purposes of the GDPR and relevant local data protection laws, Cassidy is the data controller of personal information about its Visitors and certain account related data of Customers, and (b) the data processor of all other personal information processed on behalf of Customers, including, Customer Content. Personal Data as used in this Notice to European Residents means "personal data," as defined in Article 4(1) of the GDPR or the relevant section of the local data protection laws. If you have any questions about how we process your personal data, or to exercise your data protection rights please contact us using the methods provided in the “Contact Us” section of this Privacy Notice below.
a. Our Legal Basis for Processing
Generally, we process your personal data for one or more of the following legal bases:
Performance of a Contract: In order to perform the Services and fulfill our obligations under the contract we are about to enter into or have entered into with you. This may also include disclosure to the third parties who help us perform our obligations to you in connection with your use of the Services, such as hosting providers, and payment processors.
Legitimate Interests: When it is reasonably necessary to achieve our legitimate business interests (or those of a third party), and your interests and fundamental rights do not override those interests. For example, for security purposes and protection against fraud.
Legal Obligations: Where we need to comply with a legal or regulatory obligation. For example, keeping records of our sales for tax compliance.
Vital Interests: Where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
Consent: Where you have given us specific consent to use your personal data in a specific purpose. Please note that for this specific legal basis, you have the right to withdraw your consent at any time.
b. Data Subject Rights
Depending on your country of residence, your rights may include.
The right to be informed – that’s an obligation on us to inform you how we use your personal data (and that’s what we’re doing in this Privacy Notice);
The right of access – that’s a right to make what’s known as a ‘data subject access request’ for a copy of the personal data we hold about you;
The right to rectification – that’s a right to request that we correct personal data about you that may be incomplete or inaccurate (though we generally recommend first making any changes in your account if you have one);
The right to erasure (also known as the ‘right to be forgotten’) – that’s where in certain circumstances you can ask us to delete the personal data we have about you (unless there’s an overriding legal reason we need to keep it);
The right to restrict processing – that’s a right for you, in certain circumstances, to ask us to suspend processing personal data;
The right to data portability – that’s a right for you to ask us for a copy of your personal data in a common format (for example, a .csv file);
The right to object – that’s a right for you to object to us processing your personal data (for example, if you object to us processing your data for direct marketing); and
Rights in relation to automated decision-making and profiling – that’s a right you have for us to be transparent about any profiling we do, or any automated decision-making.
Withdraw Consent—that’s the right to revoke any consent you may have previously given us at any time, if we have collected and processed your personal data with your consent. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
File a complaint—that’s the right to file a complaint with a supervisory authority about our collection and processing of your personal data.
c. Exercising Your Rights
These rights are subject to certain rules around when you can exercise them. If you wish to exercise any of the rights set out above, please contact us.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We will respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.
If you no longer wish to receive our marketing/promotional information, you may opt out as described in the Your Choices section above.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us first.
Please note that if you submit a data subject request to us, we will forward it to the relevant Customer.
20. International Transfers
Cassidy is based in the United States. The personal data that we process is stored, hosted and processed on servers located in the United States. Additionally, Cassidy operates globally and may transfer the personal information that we process to our other offices and to the third parties described above. These recipients may be situated outside of your country or regional area of residence and may process personal information outside of your country or regional area. In particular, information provided to us or collected by us likely will be transferred to and processed in the United States by us or our Affiliates and our respective agents and contractors. The data protection laws of the United States or other countries may not be as comprehensive or equivalent to those in your country of residence.
We rely on legally-provided mechanisms to transfer personal information across borders where and as required under applicable law.
21. How to Contact Us
General Questions; Data Subject Requests: If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact us as follows:
By email: support@cassidyai.com; Subject Line: Privacy Request
By mail: Cassidy, Inc.
Attn: Cassidy Privacy Request
30528 Fox Glove Dr. Evergreen, CO 80439
