Privacy Policy

Version 1.0 — May 18, 2020

This Privacy Policy explains how Personal Information about our (potential) customers and other individuals using our services is collected, used and disclosed by Record Once. and its respective affiliates ("us", "we", "our" or "Record Once"). This Privacy Policy describes our privacy practices in relation to the use of our websites (including any customer portal or interactive customer website) https://www.recordonce.com and https://app.recordonce.com), our software (Record Once), services, solutions, tools, and related applications, services, and programs, including research and marketing activities, offered by us (the "Services"), as well as your choices regarding use, access, storage and correction of Personal Information. It also describes how we collect, use, disclose and otherwise process Personal Information collected in relation to our Services and otherwise in the course of our business activities. This Privacy Policy does not apply to Personal Information collected about our employees, applicants or other personnel.

By using our Services or by agreeing to our General Terms and Conditions required to use certain of our Services, you agree to the collection, usage, storage and disclosure of information described in this Privacy Policy.

Our Services may contain links to other websites or services; and information practices and/or the content of such other websites or services shall be governed by the privacy statements of such other websites or services.

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of the policy and, in some cases, we may provide you with additional notifications of such (such as adding a statement to our homepage, in our Record Once Preview app or sending you a notification). We encourage you to review the Privacy Policy whenever you use our Services to stay informed about our information practices and the ways you can help protect your privacy.

Personal Information Collection

As part of our normal business operations, your usage of our Services, our administration of you as a customer and to comply with local laws and regulations we collect your Personal Information. We will not process Personal Information for other purposes then described in this Privacy Policy.

Personal Information You Provide to Us

While using our Services, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. For example, we collect information when you create an account, request customer support or otherwise communicate with us. The types of information we may collect include basic user information (such as your name, email address, social media avatar, telephone number and photograph), company information and any other information you choose to provide.

Personal Information We Collect Automatically When You Use our Services

When you access or use our Services we automatically collect information about you, including:

Log Information: We collect information about your use of the Services, including the type and version of browser, machine and device you use, access times, usage times, launches, pages viewed, debug, your IP address, the page you visited before navigating to our Services and other statistics.

Information Collected by Cookies and Other Tracking Technologies: We use various technologies to collect information, and this may include sending cookies to your computer or mobile device. Cookies are small data files stored on your hard drive or in device memory that help us to improve our Services and your experience, see which areas and features of our Services are popular and count visits. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Services.

We may also collect information using web beacons (also known as "tracking pixels"). Web beacons are electronic images that may be used in our Services or notifications and help deliver cookies, count visits, understand usage and campaign effectiveness and determine whether a notification has been opened and acted upon. In addition, we may use third party services such as Google Analytics, Intercom, and Mode that collect, monitor and analyze these statistics to better decipher and analyze the data.

Social Sharing Features: Our Services may offer social sharing features, which let you share Record Once prototypes from our Services with other media, and vice versa. The use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the company that provides the social sharing feature. We may (in accordance with this Privacy Policy) collect, store and use Personal Information from other media if you use social sharing features. For more information about the purpose and scope of data collection, storage and processing by other media in connection with social sharing features, please visit the privacy policies of the companies that provide these features.

connection with social sharing features, please visit the privacy policies of the companies that provide these features.

Third Parties: We may also obtain Personal Information about you from third parties, such as LinkedIn, Facebook, Dribbble, Twitter and other publicly accessible sources.

Support and Service: When you contact us for support or other customer service requests, we can maintain records related to such requests, including any information provided by you related to such support or service requests.

Marketing or Promotional Communications: We may use your Personal Information to contact you with marketing or promotional materials and other information communications related to Record Once. If you no longer wish to receive marketing or promotional communications related to us, you can at any moment in time by using the unsubscribe button in the email or emailing [email protected] to request us to stop sending you such communications. Such a request will be processed immediately by us, but in any event within two (2) business days.

Personal Information We Use

For individuals in the European Economic Area, our processing (i.e. use) of your Personal Information is justified on the following legal bases:

• the processing is necessary to perform an agreement with you or take steps to enter into an agreement at your request;
• the processing is necessary for us to comply with relevant legal obligations;
• the processing is in our justified interest, and this justified interest prevails over your privacy; and/or you have consented to the processing.

We collect your Personal Information to:

• perform our agreement with you and with others;
• process, evaluate and complete certain transactions involving the Services;
• operate, evaluate, maintain, improve, customize and develop the Services (including by monitoring and analyzing trends, access to, and use of the Services for enhancing customer experience, security of our Services, advertising and marketing);
• provide you with documentation, communications or any other services you request;
• correspond with you to resolve queries or complaints;
• protect and ensure safety of our Intellectual Property Rights;
• manage, protect against and investigate fraud, risk exposure, claims and other liabilities, including but not limited to violation of our contract terms or (international) laws or regulations;
• adhere to all our worldwide legal obligations.

Personal Information We Disclose

We operate worldwide and we may share your Personal Information with our affiliated businesses as part of our business operations, administration of the Services and to comply with local laws and regulations. We may also appoint third party service providers (who will operate under our instructions) to assist us in providing information, products or services to you, in conducting and managing our business, or in managing and improving our Services. We may share your personal data with these affiliates and third parties to perform services that the third parties have been engaged by us to perform on our behalf, subject to appropriate contractual restrictions and security measures, or if we believe it is reasonably necessary to prevent harm or loss, or if we believe that the disclosure will further an investigation of suspected or actual illegal activities.

We reserve the right to share any information that is not deemed Personal Information or is not otherwise subject to contractual restrictions.

Where Personal Information is transferred outside the European Economic Area to our affiliated companies or to third party service providers, we will take steps to ensure that your Personal Information is protected by the same level of protection as if it remained within the European Economic Area, including by entering into data transfer agreements using the European Commission approved Standard Contractual Clauses, or by relying on certification schemes such as the Privacy Shield. We contractually require agents, service providers, and affiliates who may process Personal Information related to the Services to provide the same level of protection for Personal Information as required under the European Union General Data Protection Regulation ("GDPR"). Personal Information transferred by us to Record Once Inc. in the U.S. is done under the Privacy Shield.

Record Once complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Record Once has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of (1) Notice; (2) Choice; (3) Accountability for Onward Transfer; (4) Security; (5) Data Integrity and Purpose Limitation; (6) Access and (7) Recourse, Enforcement and Liability (collectively, the “Privacy Shield Principles”). If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

As further set forth in the Privacy Shield Principles, we remain potentially liable if a third party processing Personal Data received from the EU or Switzerland on our behalf processes that Personal Data in a manner that is inconsistent with the Privacy Shield Principles (unless we can prove that we are not responsible for the event giving rise to the damage). Record Once is subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to any failure to comply with the Privacy Shield Principles. EU and Swiss individuals with inquiries or complaints regarding U.S. privacy practices should contact us at [email protected].

In compliance with the Privacy Shield Principles, Record Once commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Record Once at: [email protected].

Record Once has further committed to refer unresolved Privacy Shield complaints to Jams ADR, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of Jams ADR are provided at no cost to you. If your complaint still remains unresolved, then you have the right to invoke binding arbitration by the Privacy Shield Panel upon written notice to Record Once at: [email protected].

We may share Personal Information with third parties in connection with potential or actual sale of our company or any of our assets, or those of any affiliated company, in which case Personal Information held by us about our customers and/or users may be one of the transferred assets.

In accordance with our legal obligations, we may also process Personal Information, subject to a lawful request, to public authorities for law enforcement or national security purposes. Further we may also disclose Personal Information where otherwise required by local law or regulations.

Security

The security of your Personal Information is important to us. We therefore aim to safeguard and protect your Personal Information from unauthorized access, improper use or disclosure, unauthorized modification or unlawful destruction or accidental loss, and we utilize and maintain certain reasonable processes, systems, and technologies to do so. This also means that our personnel is only allowed to access or process Personal Information if this is reasonably required to do so for work related tasks, to adhere to your request or to fulfill a legal obligation on behalf of us.

Please remember that no method of transmission over the internet, or method of electronic storage, is 100% secure or error-free. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. Accordingly, we cannot be held responsible for unauthorized or unintended access that is beyond our control.

Transferring Personal Information: As also mentioned above, where Personal Information is transferred outside the European Economic Area to our affiliated companies or to third party service providers, we will take steps to ensure that your Personal Information is protected by the same level of protection as if it remained within the European Economic Area, including by entering into data transfer agreements using the European Commission approved Standard Contractual Clauses, or by relying on certification schemes such as the Privacy Shield. We contractually require agents, service providers, and affiliates who may process Personal Information related to the Services to provide the same level of protection for Personal Information as required under the European Union General Data Protection Regulation ("GDPR").

Personal Information Breach: In the case of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Information transmitted, stored or otherwise processed by us about our customers and/or users, we shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the Personal Information breach to the local supervisory authority, unless the Personal Information breach is unlikely to result in a risk to the rights and freedoms of natural persons. When the Personal Information breach is likely to result in a high risk to the rights and freedoms of natural persons we shall communicate the Personal Information breach without undue delay on our security page, unless we have already i) implemented appropriate technical and organizational protection measures, and those measures are applied to the Personal Information affected by the breach, in particular those that render the Personal Information unintelligible to any person who is not authorized to access it, such as encryption, or ii) we have taken subsequent measures which ensure that the high risk to the rights and freedoms of natural persons is no longer likely to materialize.

Retention of Personal Information

In general the collected Personal Information is not stored by us for longer than three years, unless you do a prior deletion request. However, in some circumstances, we may retain certain Personal Information for other periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements, or if required by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required. In specific circumstances, we may also retain certain Personal Information for longer periods of time corresponding to a statute of limitation, so that we have an accurate record of your dealings with us in the event of any complaints or challenges.

Children

The Services are not for use by children under the age of 16 years and we do not knowingly collect, store, share or use Personal Information of children under 16 years. If you are under the age of 16 years, please do not provide any Personal Information, even if prompted by the Services to do so. If you are under the age of 16 years and you have provided Personal Information, please ask your parent(s) or guardian(s) to notify us and we will delete all such Personal Information.

Your EU Rights

Based on the GDPR you may have rights available to you in respect of your Personal Information, such as:

• to obtain a copy of your Personal Information together with information about how and on what basis that Personal Information is processed;
• to rectify inaccurate Personal Information (including the right to have incomplete Personal Information completed);
• to delete your Personal Information (where it is no longer necessary in relation to the purposes for which it was collected or processed). We strive to anonymize your Personal Information within 30 days after your deletion request;
• to restrict processing of your Personal Information under certain circumstances.
• to port your Personal Information in machine-readable format to a third party (or to you) when we justify our processing on the basis of your consent or the performance of an agreement with you;
• to withdraw your consent to our processing of your Personal Information (where that processing is based on your consent);
• to obtain, or see a copy of the appropriate safeguards under which your Personal Information is transferred to a third country or international organization outside of the European Economic Area; and
• to lodge a complaint with your local supervisory authority for data protection.

In addition to the above rights, you have the right to object, on grounds relating to your particular situation, at any time to any processing of your Personal Information which we have justified on the basis of a legitimate interest, including profiling (as opposed to your consent) or to perform a contract with you. You also have the right to object at any time to any processing of your Personal Information for marketing or promotional purposes, including profiling for marketing or promotional purposes.

In relation to all of these rights or if you have any questions about this Privacy Policy, please send an email to [email protected].

Please note that we may request proof of identity, and we reserve the right to charge a fee where permitted by law, especially if your request is manifestly unfounded or excessive. We will endeavor to respond to your request within all applicable timeframes.

Your California Privacy Rights

This section provides additional details about the Personal Information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or "CCPA".

We do not sell the Personal Information we collect to third parties for money or any other consideration, as that term is generally understood. However, the CCPA’s definition of "sale" is very broad and might be construed to include the following:

• Situations where browsing data is sent to referral advertisers - when you click on an ad that sends you to our website, we send a hashed identifier to the referring site so they can receive credit for the referral. We, along with millions of other sites, use these services. While we limit the information sent to what is needed to properly record the referral, the fact that you clicked on the link and visited Revinate may be added to your profile by the ad publisher. You have the right to opt out of this by sending us a request as described below.

Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of Personal Information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any "sales" that may be occurring, and to not be discriminated against for exercising these rights. California consumers may make a request pursuant to their rights under the CCPA by contacting us at [email protected].