CommunityDevOps ExchangePartners

Privacy

View our privacy policy below or download it for your convenience.

hero vector
Cloud

Effective Date: March 8, 2024

1. Purpose and Scope.

Copado is committed to your privacy. We have created this Copado Privacy Policy (“Policy”) to inform you about the ways in which we handle personal data and information in our business. This Policy applies to Copado, Inc. and its affiliates and subsidiaries, including Copado Limited and Copado Netherlands B.V. (collectively referred to as “Copado”) and covers the services we provide to you, our sales and marketing activities, and related activities. Contracts held directly between Copado and our Customers, Partners, or Service Providers govern over the terms of this Policy.

 

We refer to personal data and information in this Policy as “personal data”. We refer to our products and services in this Policy collectively as the “Services”. This Policy applies to the Services and to related activities such as those described below:

  • Providing our Services and products to you as a Customer;
  • Your use of our Services and products;
  • Managing your account and the relationship we have with you as a Copado customer;
  • Direct sales, advertising and marketing activities that we may provide to you;
  • Sales and marketing activities from our authorized partners, including Copado resellers, platform partners, distributors, and third-party marketplaces;
  • Your participation in a Copado training or certification programs;
  • Your attendance or participation in Copado or partner events;

2. Copado can be both a processor and a controller of personal data.

Under the General Data Protection Regulation of the European Union (the “GDPR”) and other similar data protection laws, we may either be defined as a controller or a processor of personal data. When Copado provides its Services to you and personal data is involved, Copado generally acts as a “processor” of personal data, because Copado processes the personal data as part of the Services and at your direction. When acting as processor, Copado handles your personal data solely on your instructions, unless legally required to do otherwise. Under different circumstances, such as our direct marketing activities, Copado is considered a “controller” of your personal data if Copado determines how that data will be handled.

3. Categories of personal data and information that we collect.

We may collect, store, and use personal data in the following categories:

  • Contact and account registration information such as name, email address, phone number, title, professional details, employer’s name, and user ID.
  • Content you provide when using the Services.
  • Information about our users’ experiences with products, services, events, webinars, promotions, and online forums and communities. For example, customer responses to a survey about product functionality or posts in the Copado community page.
  • Information derived from your interactions with us, such as with our customer support team or any information entered into our chat support functionality.
  • Contact Information about prospective customers collected from our events, promotions, trade shows, and partners.
  • Usage information including certain automated information about our users, such as unique browser identifiers, IP address, browser and operating system information, device identifiers (such as the Apple IDFA or Android Advertising ID), and other device information.
  • Payment information for purchases with Copado.
  • Audio and visual information, such recordings of some calls, meetings and events.
  • Additional details about certification candidates.
  • Other personal data collected in connection with our Services.

4. How we collect personal data.

As it relates to the Services, personal data may be obtained directly from you or your employer. We also may receive personal data from our partners(which include resellers and distributors); third-party marketplaces where our products are offered (such as the salesforce.com app exchange); data brokers(such as Dun & Bradstreet); marketing companies; interactions with our website; referrals from other customers and users; publicly available sources such as company websites and LinkedIn. Copado collects certain categories of personal data when you visit our website.

5. How we use and share personal data.

Copado uses and shares personal data for the following purposes:

  • To provide our products, Services, events, websites, communities, training, and other business offerings.
  • To analyze, improve, and develop Copado products and Services.
  • To process payments.
  • To interact with third party service providers, such a providers that support features and functionality;
  • To manage our relationships with customers, partners, resellers, distributors, event attendees, investors, and others (which may involve sharing personal data with them).
  • For marketing, promotions, advertising, and other communications (including customizing those communications for specific recipients).
  • To provide a third party (such as an employer) with confirmation or denial of an individual’s claimed certification status.
  • For surveys and other market research.
  • For security, IT management, and related research.
  • For evaluation and consideration of job applicants.
  • To enforce the legal terms that govern our business and commercial relationships(for example, we may share personal information with the opposing party, judge or arbitrator in a dispute).
  • To provide security and business continuity.
  • To follow the law, or in other cases where we believe that using or disclosing the data is appropriate to protect the rights, safety, and property of Copado or others(for example, when required to make disclosures in response to lawful requests by public authorities, such as to meet national security or law enforcement requirements).
  • For an actual or contemplated business sale, merger, consolidation, change in control, transfer of substantial assets, or reorganization, or due diligence in anticipation of such an event (for example, if a company were to acquire Copado, it may also acquire the personal data we hold).
  • For other purposes requested or permitted by our customers or users.

  

For those purposes, we may share personal data with the following categories of third parties, for example:

  • Our affiliated entities;
  • Third parties that assist us, such as our partners, event providers, payment processors, marketing providers (e.g., chat support provider), testing providers, analytics providers, and providers of technical services (e.g. providers of data storage, data backup, and CRM systems); and other vendors or subcontractors;
  • Third-party service providers that support product features, such as Open AI, which serves as the backend provider for Copado’s AI features and functionality via Open AI’s API;
  • Joint marketing partners;
  • Employers and others who seek verification of an individual’s claimed certification status;
  • Entities involved in any regulatory activity or dispute resolution (such as an arbitrator or an opposing party);
  • Entities involved in potential or actual significant corporate transactions or events(such as those described in the second-to-last item in the list of uses and disclosures above); and
  • Governmental entities.

These uses and disclosures are also subject to our contractual obligations. Copado does not sell or share personal data for monetary or other consideration, nor does Copado share data for cross-context behavioral advertising.

6. What is the legal basis that applies to our use of personal data?

The laws in some jurisdictions require data controllers to tell you about the legal grounds that allow them to use or disclose your personal data. Where those laws apply, our legal grounds are:

  • Legitimate Business Interests: We handle personal data because it furthers the legitimate business interests of Copado (or of our customers, business partners, or suppliers) in the activities we engage in to run our business and provide you with Services, including those listed below, and because that handling of data does not unduly impact your interests, rights, and freedoms:
    • Providing cybersecurity and managing information technology assets;
    • Protecting business activities, individuals, and property;
    • Providing customer service;
    • Assessing employment candidates;
    • Marketing and advertising (including sending certain direct marketing);
    • Analyzing and improving business activities;
    • Managing risks and legal issues.
  • To perform contractual commitments: Some of our handling of personal data is necessary to meet our contractual obligations to individuals, or to take steps at the person’s request because we are planning to enter into a contract with him/her. For example, when we process an individual’s payment data for a certification examination, we are relying on this basis.
  • Consent:
    • If the law requires consent, and in some other cases, we handle personal data on the basis of consent. For example, we conduct some of our direct marketing on the basis of consent.
    • If the law requires explicit consent, we use personal data on that basis.
    • If the law allows, we may be able to infer consent from the circumstances.
  • Legal compliance: We sometimes need to use and disclose personal data to comply with our legal obligations.
  • Legal claims: Sometimes we use or disclose personal data because it is necessary to establish, exercise, or defend legal claims.

7. What Personal Data rights and choices (including direct marketing opt-out) are available?

We offer the options below for exercising your rights and choices about how we use your personal data. Many of these are subject to important limits orexceptions under applicable laws.

  • You may review and update certain information by logging into the relevant Copado websites or online services.
  • The law of your jurisdiction (for example, within the United Kingdom, Switzerland and European Economic Area (“EU”)) may give you additional rights to request access to, correction of, or deletion of certain personal data we store. In some cases, you may be entitled to receive a copy of the personal data you provided to us in portable form or to request that we share it with a third party. The law may also give you the right to request restrictions on the use of your personal data, to object to our use of your personal data, or to withdraw your consent to use your personal data (which will not affect the legality of any processing that happened before your request takes effect). Section 15 below explains how to make these requests.
    • For example, people who live in the United Kingdom or EU (and certain other people) have the right to opt out of our use of personal data for direct marketing. They can exercise their rights to opt out, or to object to other processing, by contacting us as described below.

If you are located in the United Kingdom, EU orSwitzerland and you have a data privacy or data use concern that you feel hasnot been fully addressed, you have the right to contact the relevant UK or EUdata protection authority or the Swiss Federal Data Protection and InformationCommissioner, as applicable.

  • Our marketing email messages, and certain other communications include instructions about how to unsubscribe, which you can use to limit or stop those communications. Opt-out processes may take some time to complete, but we will work to meet your request as quickly as possible. You cannot opt out of certain communications (such as account related or billing related communications.)
  • You can exercise opt-out rights, object, or withdraw consent in relation to our use of certain cookies and certain similar technologies as described in Section 9 below.
  • For information about Californians’ privacy rights under California law, please see Section 15 below.
  • For information about Virginians’ privacy rights under Virginia law, please see Section 15 below.

You may contact us with any concerns or complaints regarding our privacy practices, and you also may submit a complaint to the relevant governmental authority. For your protection, we will only implement requests with respect to personal data after we have verified your identity to our satisfaction, taking into consideration the nature of your request.  

8. Does the personal data go to other countries?

Copado is a global company. It is Copado’s policy to comply with applicable law, which may include legal requirements for protecting the movement of data across borders, including through the use of European Commission-approved Standard Contractual Clauses. Copado affiliates and third parties with whom we share personal data as described in this Privacy Policy are located in the United States and elsewhere in the world, including countries where privacy laws may not provide as much protection as your country.

Your personal information may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of these or other countries, pursuant to the laws of such countries.

9. Use of cookies and similar technology.

When accessing the Copado website, Copado and third-party partners ofCopado may collect certain information by automated means such as through theuse of cookies, web beacons, JavaScript, mobiledevice functionality and similarcomputer code. Cookies are files that contain data, such as unique identifiers,that may be transferred to and from your device when you visit a web page.Copado uses cookies for the following purposes:

  • to recognize the devices,
  • to improve your use of our website and services,
  • for cybersecurity,
  • to prevent fraud,
  • to provide services, and
  • for record-keeping, analytics, and marketing.

This information may include unique browser identifiers, IP address, browser and operating system information, device identifiers (such as the Apple IDFA or Android Advertising ID), geolocation, other device information, Internet connection information, as well as details about your interactions with our apps, websites, and emails (for example, the URL of the third-party website from which you came, the pages on our website that you visit, and the links you click on in our websites).

We use third party tools, such as Google Analytics, Hotjar, and G2 Crowd, to obtain information on how visitors are interacting with our Services. These tools collect information about the performance of our site and how visitors navigate around and interact with our web pages, which allows us to evaluate and further improve or optimize our software solutions and web pages. For more information on the third-party tools listed above, please click here:

We and our third parties may use these automated means to read or write information on your devices, such as in various types of cookies and other browser-based or plugin-based local storage (such as HTML5 storage or Flash-based storage), or to collect pieces of information that together may uniquely identify your device.

These technologies help us:

  • Keep track of whether you are signed in or have previously signed in so that we can display all the features that are available to you.
  • Remember your settings on the pages you visit so that we can display your preferred content the next time you visit.
  • Display personalized content.
  • Perform analytics, measure traffic and usage trends, and better understand the demographics of our users.
  • Diagnose and fix technology problems.
  • Plan for and enhance our business.

Also, in some cases, we assist with the collection of information by advertising services provided by third parties. The ad services may track your online activities over time by collecting information through automated means such as cookies, and they may use this information to show you ads that are tailored to your individual interests or characteristics and/or based on your prior visits to certain sites or apps, or other information we or they know, infer, or have collected from the users like you.

For example, we and these services may use different types of cookies, other automated technology, and data to:

  • Recognize users and their devices.
  • Inform, optimize, and serve ads.
  • Report on our ad impressions, other uses of ad services, and interactions with these ad impressions and ad services (including how they are related to visits to specific sites or apps).

More details about our use of Cookies and how you can opt out and manage cookies is found in The Copado Cookies Policy

By accessing the Copado Cookies Policy You can launch a consent tool to adjust your preferences about how certain cookies and certain similar technologies are used on Copado websites. You should repeat the opt out process with each browser you use to visit those websites. This is the best way to control cookies on the sites that offer this option. If you replace, change, or upgrade your browser, or delete your cookies, you may need to use these opt-out tools again.

Please visit your mobile device manufacturer’s website (or the website for its operating system) for instructions on any additional privacy controls in your mobile operating system, such as privacy settings for device identifiers and geolocation. Please note, however, that we do not respond to browser-based privacy signals (such as do-not-track) at this time.

10. How long does Copado store personal data?

We will retain personal data as long as necessary to fulfill the purposes outlined in this Privacy Policy unless the law requires us to keep it for a longer period of time. To provide security and business continuity for the activities described in this Policy, we make backups of certain data, which we may retain for longer than the original data.

11. How do we provide security for personal data that we handle and store?

Copado takes the security of data seriously and although we cannot guarantee that data that we collect can be protected from all possible threats, Copado has put in place physical, technical, and administrative safeguards designed to protect your personal data from unauthorized or illegal access, destruction, use, modification, or disclosure in accordance with applicable laws. Copado employees also undergo privacy and security training upon hire and annually thereafter.

12. How do we handle information that is not personal data?

Our use and disclosure of non-personal data is not subject to this Policy, however, if you or your employer has entered into a contract or non-disclosure agreement with us, confidential non-personal data will always be protected from disclosure as provided for in the applicable agreements. If applicable law and our contractual obligations allow, we may aggregate or de-identify your personal data so that the information cannot be linked to you. Our standard terms and conditions contain typical confidentiality terms and may be viewed on our website here: https://www.copado.com/company-legal-agreements/

13. How do we provide security for data that we handle and store?

Copado takes the security of data seriously and although we cannot guarantee that data that we collect can be protected from all possible threats, Copado has put in place physical, technical, and administrative safeguards designed to protect your personal data from unauthorized or illegal access, destruction, use, modification, or disclosure in accordance with applicable laws. Copado employees also undergo privacy and security training upon hire and annually thereafter.

14. Other Websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over other websites. Therefore, we cannot be responsible for the protection of any information provided while visiting such websites, and such websites are not governed by this Privacy Policy. You should exercise caution and carefully review the privacy policy applicable to the website in question.

15. Children's Privacy

We do not knowingly collect personal data from children under the age of 18. By accessing our website or initiating any communication with us, you represent that you are at least 18 years old. Copado’s Services are not directed to children under the age of 18. If you believe a child under the age of 18 is using our Services, please promptly contact us at legal@copado.com.

16. YOUR RIGHTS UNDER DATA PRIVACY LAWS.

The California Privacy Rights Act of 2020 (“CPRA”),  the Virginia Consumer Data Protection Act (“VCDPA”), GDPR, and other data privacy laws may provide additional rights to residents of applicable jurisdictions regarding information collection and use practices.

16.1 Categories of personal information collected.

We identify below the categories of personal information that we have collected about our users in the last 12 months:

  • Identifiers
  • Customer Records Information
  • Commercial Information
  • Information entered into prompts;
  • Internet or Other Electronic Network Activity Information
  • Geolocation Data
  • Professional or Employment-related Information

For more detail on the information we collect, including the sources we receive information from and the categories of third parties with whom it is shared, please refer to our Information Collection Practices above. We collect and use these categories of personal information for the business purposes described in the Information Collection Practices section above. If Copado collects” Sensitive Data” or “Sensitive Personal  Information” as defined by applicable laws and regulations, Copado will provide notice  and obtain your consent prior to the collection, storage, and use of such data. Should Copado collect Sensitive Personal Information, you have the right to limit the use and disclosure of such information.

16.2 Categories of personal information shared.

We identify below the categories of personal information that we have provided to our partners for limited business purposes in the last 12 months:

  • Identifiers
  • Customer Records Information
  • Commercial Information
  • Information entered into prompts;
  • Internet or Other Electronic Network Activity Information
  • Geolocation Data
  • Professional or Employment-related Information

Copado does not sell personal information to any third party for monetary consideration, or share personal information with third parties for cross-context behavior advertising,  and has not sold Personal Information of any kind in the past 12 months.

Copado shares the above-referenced data with its trusted third party service providers, and we instruct such third parties to use the data provided in a way that is consistent with this Privacy Policy and applicable laws and regulations.

16.3 Rights of data subjects.

Residents of California, Virginia, the European Union, and certain other jurisdictions may be entitled to the following rights under the applicable law. To exercise any of the rights, please submit a request to the relevant email address or call our toll-free number set forth in Section 13. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within the legally permissible time period. If we decline to take action, we will notify you of our justification for denial, and we will provide you with instructions for how to appeal our denial. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity or process your request for legal or archival reasons, we may deny your requests and will inform you of our reason for doing so.

A. Right to Know: You have the right to know certain details about our data practices in the past 12 months. In particular, you may request the following from us:

  • The categories of personal information we have collected about you;
  • The categories of sources from which the personal information was collected;
  • The categories of personal information about you we disclosed for a business purpose or sold;
  • The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
  • The business or commercial purpose for collecting or selling the personal information;

B. Right to Access, You have the right to review or obtain a copy of the specific categories of personal information we have collected about you in a portable and usable format;

C. Right to Delete. You have the right to request that we delete the personal information we have collected from you. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your request to delete. Please note that your right to deletion of Personal Information is subject to certain exceptions by law. If you submit a request for deletion and we retain any Personal Information under one or more of these exceptions, we will explain this to you in our response;

D. Right to Correct. You have the right to request that we correct inaccurate personal information that we attribute to you;

E. Right to Non-discrimination. You have the right not to receive discriminatory treatment by us for exercising any of your rights;

F. Right to Opt Out. You have the right to opt out of the sharing and processing of personal data for certain purposes, including targeted advertising, the sale of personal data, and profiling for decisions with legal or other significant effects on you, in addition to the other opt out rights afforded to you under the applicable laws and regulations; and/or

G. Authorized Agent. You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so or written confirmation from your email confirming the request.

17. Data Protection Assessment.

Copado conducts an annual risk assessment and independent security audits designed to review processes and controls around the protection of  your personal data. Copado takes these assessments seriously, and we use the assessments to make informed decisions about our collection and use of your data. If a customer requires Copado’s assistance with a data protection assessment as it relates to the purchase and use of the Services, please contact security@copado.com.

18. Changes to the Privacy Policy.

In the event of changes in the law, our data handling practices or for other reasons, Copado reserves the right to update and change this Policy at any time, by updating and publishing the revised Privacy Policy on Copado.com.

19. How to contact us.

If you have any questions or wish to exercise your rights under the GDPR, the CPRA , the VCDPA, or other applicable privacy laws, you may send notice by email to Copado at privacy@Copado.com or if you are in the United States you may call our toll free telephone number: 1(888) 210-4282. You may also send a written notice to us at one of the following addresses:

United States:

Copado, Inc.

Attn: Legal Dept.

330 N. Wabash St. Fl. 23, Chicago IL 60611

United States

European Union:

Copado Netherlands B.V.

Attn: Legal Dept.

Barbara Strozzilaan 201, 1083 HN Amsterdam

The Netherlands