Business Services Privacy Policy

We collect the categories of personal data identified below.  We “sell” or “share” (as those terms are defined under California law) some of these categories of data for marketing purposes to third parties, such as data analytics providers and advertising technology vendors. We do not knowingly sell or share personal data about persons under the age of 16. Please visit our Privacy Choices page to opt out of the sale or sharing of your personal data, as well as targeted advertising based on your use of the Business Services. You may also choose to enable a universal tool that automatically communicates your opt-out preferences, such as the Global Privacy Control (“GPC”). We will process the GPC signal as a request to opt out.

B. The Business and Commercial Purposes for Which We Collect and Use Your Personal Data

• To provide you with the Business Services, including creating and maintaining your account with us, fulfilling your orders and processing your payments
• To communicate with you and respond to your inquiries about the Business Services
• To develop and improve the Business Services
• To monitor, protect, and maintain the security and integrity of our Business Services and our company, such as protecting against and preventing fraud, unauthorized transactions, claims and other liabilities
• To comply with applicable laws and regulations and respond to lawful requests for personal data
• To establish, exercise, or defend legal claims and protect our rights, privacy, safety, property and/or those of others
• To carry out the sale or transfer of some or all of our business, such as a merger, acquisition, or bankruptcy proceeding
• To fulfill any other purpose for which you provide your consent

C. Retention

We will retain your personal data for as long as reasonably necessary to provide you with the Business Services and for marketing purposes, unless you opt out as described in our Privacy Policy. We may, however, retain information following your opt-out or withdrawal of consent where legally permitted or required (e.g., for a legal compliance, auditing, or accounting reason).

A. Information You Provide

We collect personal data from you:  

• When You Use the Business Services. We collect personal data from you when inquire about or create an account to use the Business Services.
• When You Purchase Business Services. If you purchase services from us, we or our third-party payment processors may collect your personal data when we collect a payment card number or other payment information.

B. Information We Automatically Collect

We and our advertising and analytics partners and vendors use a variety of technologies, such as cookies, tags, SDKs and scripts, to collect certain information about your activity on the Business Services.

The specific types of personal data that we and our vendors automatically collect include:

• Device and Browser Information. This includes your device’s IP address and/or other unique identifiers, browser type, device type, internet service provider, and operating system.
• Location Information. When you access our Business Services from a mobile device, your device’s approximate location (derived from your device’s IP address or other general signals that do not provide your precise location) may be collected.
• Usage Information. We collect information about your use of the Business Services, including the date and time of your visit, the services that refer you to Semasio’s websites, the areas or pages of the Business Services that you visit, the amount of time you spend viewing or using the Business Services, and recordings of chat sessions (including with the involvement of bots if applicable).
• t processors may collect Marketing Information. If you receive an email from us, information may be collected about your interactions with the message (e.g., whether you opened, forwarded, or clicked through to our website). your personal data when we collect a payment card number or other payment information.
• Third-party analytics technologies. We use third-party analytics and tracking tools to better understand who is using the Business Services, how people are using them, and how to improve them.

Cookies and Other Similar Technologies. Semasio and its vendors collect and store online identifiers (“Cookie IDs”) through the Business Services. Cookies are small files that enable Semasio and its vendors to store information related to an internet user on a personal computer or another device from visits to websites, and to “remember” a particular individual, on a particular web browser and your preferences and improve the use and functionality of our sites. They can also enable the delivery of relevant and personalized advertisements to you across the internet.

Third parties may place cookies (and similar technologies) on our sites, and the providers of these technologies may combine information collected from your interactions with the Business Services. These third parties may combine this data with information they collect from other sources and use the combined information for analytics and/or advertising purposes.

To learn more about your choices regarding the automatic collection and use of your personal data, please see the Your Privacy Choices and Rights section below.

C. Information We Receive from Third Parties

We may receive personal data from other sources, including online advertising networks and analytics providers, social media platforms, and companies such as data aggregators who may provide us with business-to-business marketing lists that supplement the data that we collect directly from you as a visitor to our website or a user of our Business Services.

D. Combination of Information

We may combine the personal data that we receive from various sources. We use, disclose, and protect combined personal data as described in this Privacy Policy.

We may disclose each category of personal data that we collect to the following categories of recipients:

• Processors/Service Providers. We disclose your personal data to service providers that provide business, professional, marketing, analytics, or technical support services to us, help us operate our business and the Services, or administer activities on our behalf. We require our service providers to restrict their use of personal data to only use your personal data in connection with providing services to Semasio.  
• Analytics Partners. We disclose personal data to partners that assist us in performing analytics and help us measure the effectiveness of the Business Services and our marketing and advertising efforts.
• Marketing and Advertising Partners. We disclose personal data to third parties for marketing and advertising purposes, including social media platforms, third-party advertising networks, and other parties that assist us in tailoring, serving, and optimizing our ads.
• Competent Governmental, Regulatory, and Public Authorities. We may disclose personal data to governmental or law enforcement authorities to comply with valid legal or regulatory obligations or requests.
• Relevant Third Parties as Part of a Corporate Transaction. In the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with a bankruptcy or similar proceeding), we may disclose or transfer your personal data to certain third parties, such as the acquiring entity and its advisers.
• Other Third Parties. We will disclose your personal data to other third parties at your direction or with your consent. Additionally, we will disclose your personal data as we believe necessary or appropriate to: (a) comply with applicable law; (b) enforce our terms and conditions; (c) protect our operations; (d) protect our rights, privacy, safety, or property, and/or those of you or others; and (e) allow us to pursue available remedies or limit damages that we may sustain.

We may disclose your personal data for other reasons that we will describe at the time of information collection or prior to disclosing your information.

We may aggregate and/or de-identify any information collected so that such information can no longer be linked to you or your device and thus has become anonymous information as that term or its equivalents are defined under the GDPR or other applicable laws. We may use such anonymous information that is not personal data for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, and sponsors, in our discretion.

If you are in the European Economic Area (EEA) or the United Kingdom, we collect personal data from or about you in connection with the Business Services on the basis of user consent or legitimate interest.  Therefore, the legal bases for the purposes set out in Section 1.B below are your consent, Art. 6(1)(a) GDPR, and our legitimate interests as a controller, Art. 6(1)(a) GDPR.

The table below provides further details about the legal basis for the processing purposes described in Section 1 of this Policy.

A. Third-Party Opt Outs

You may opt out of online targeted ads in general by using the industry opt-outs described below.  These opt-outs will not remove you from Semasio’s databases.  Please see Section 9 of the Semasio Platform Privacy Policy to learn how to do so.

• Network Advertising Alliance (NAI): https://optout.networkadvertising.org/?c=1
• Digital Advertising Alliance (DAA): https://youradchoices.com/control
• DAA’s AppChoices tool: https://www.aboutads.info/appchoices
• European Interactive Digital Advertising Alliance (EDAA): https://youronlinechoices.eu/

Some of these choices apply only to the specific browser or device from which you opt out, and you will need to opt out separately on each browsers or device you use. If you delete or reset your cookies or mobile identifiers, change browsers, or use a different device, any opt-out cookie or tool may no longer work and you will have to opt out again.

Even if you choose to opt out of receiving interest-based advertising, you may still receive advertising, but the advertisements may be less relevant.

B. Unsubscribing from our Marketing and Promotional Communications

From time to time, we may send you marketing and promotional communications, including special offers from us or our partners. If you no longer wish to receive promotional and marketing emails from us, you may opt out of such communications at any time by following the opt-out instructions included in any promotional or marketing email you receive from us.

C. Privacy Rights and Requests

Under the General Data Protection Regulation (“GDPR”) and other privacy laws depending on where you reside, you may have certain additional rights regarding your personal data as summarized below, subject to certain restrictions and variations under applicable local laws. This section describes how to exercise those rights and our process for handling your requests. We may withhold these rights to the extent that the law in your country or state of residence does not recognize or no longer recognizes these rights. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.

• Right to Delete. You may have the right to request that we delete personal data that we have collected from you, subject to certain exceptions.
• Right to Know or Request Access to Your Personal Data. Depending on what law applies, you may request information about your personal data in our databases. Additionally, under certain privacy laws, including certain state privacy laws in the United States, applicable residents may request we disclose the categories of personal data we have collected about you; categories of sources from which the personal is collected; the business or commercial purpose for collecting, selling, or sharing personal data; and the categories of third parties to which we disclose personal data. Please note that we may not be required to respond to your requests “to know” or access specific pieces of personal data more than twice in any 12-month period.
• Right to Data Portability. You may have the right to access your information in a portable format.
• Right to Rectify/Correct. You may have the right to correct inaccurate personal data that we may maintain about you, subject to appropriate verification.
• Right to Opt Out of Certain Types of Personal Data Uses and Disclosures. We use and disclose to third parties personal data for analytics and advertising purposes. You may have the right to opt out of the “sale” or "sharing” of your personal data, or the use and disclosure of your personal data for “targeted advertising” (as these terms are defined in applicable law).

Please note that, where permitted under applicable law, we may decline a request if we are unable to verify your identity (or an agent’s authority to make the request) and confirm the personal data we maintain relates to you.

If you are interested in exercising one or more of the rights (other than the right to opt out – use the instructions in Section 5.E) outlined above, please visit our Privacy Choices page, or you can contact us at privacy@semasio.com. You must put the statement “Your Privacy Rights” in the subject field of your email. We may take steps to verify your identity before responding to your request by asking you a series of questions about your previous interactions with us. Submitting a privacy rights request does not require you to create an account with us.

If you are a business-to-business client or potential business-to-business client who wishes to opt-out of our marketing lists or otherwise exercise your privacy rights with respect to your use of our Business Services, please contact us at privacy@semasio.com. You must put the statement “Privacy Request Business Services” in the subject field of your email.

We will not discriminate against you if you decide to exercise your privacy rights.  

D. Agent Requests

Depending on the laws in your country or U.S. state of residence, you may authorize someone to make a privacy rights request on your behalf (an authorized agent). Only you, or someone legally authorized to act on your behalf, may submit a request related to your personal data. You may also submit a request on behalf of your minor child. Authorized agents will need to demonstrate that you’ve authorized them to act on your behalf. Semasio retains the right to request confirmation directly from you confirming that the agent is authorized to make such a request, or to request additional information to confirm the agent’s identity.

E. Opt-Out Requests

You may request to opt out of the sale or share of your personal data, or of targeted advertising, at any time by using our Privacy Choices page.

For opt-outs specific to your use of our website (online identifiers and internet or other electronic network activity information) in connection with our Business Services, our online opt-outs are cookie-based. Thus, if you browse the web from multiple browsers or devices, you may need to opt out from each browser and/or device, and for the same reason, if you change browsers or clear your browser cookie cache, you may need to perform this opt-out function again. Alternatively, you can use the browser-based Global Privacy Control (“GPC”) signal to exercise your sale and sharing opt-out right of our Business Services. We will treat a GPC opt-out signal as a valid request to opt out of the sale or sharing of personal data linked to that browser and any consumer profile we have associated with that browser. If you use different browsers or browser profiles, you will have to enable the signal on each browser or profile.

F. Right to Withdraw Consent

In situations where we rely on consent to process your personal data, you likewise may withdraw your consent at any time by visiting our Privacy Choices page to submit an opt-out request. You may also contact us toll-free at 833 367-8688. Please be aware that withdrawing your consent does not affect the lawfulness of the processing of your personal data based on consent before its withdrawal.

G. Right to Appeal

Depending on where you reside, you may have the right to appeal a decision we have made in connection with your privacy rights request. To appeal a decision, please contact us at privacy@semasio.com.  

H. Additional Notice to EEA and UK Residents

For residents of the European Economic Area and United Kingdom, Semasio is the controller responsible for processing your personal data.

• Right to Object:  If you reside in the European Economic Area (EEA), the following applies: You can object to processing of your personal data where we are relying on the legitimate interest legal basis (Art. 6(1)(f) GDPR) at any time. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or we need to process the personal data for the establishment, exercise or defence of legal claims. Where we rely upon legitimate interest as a basis for processing, we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis. To access this right, please contact us at privacy@semasio.com.
• Right to lodge complaint. Additionally, EEA residents have the right to lodge complaints or report concerns to a data protection authority, in particular in the Member State of their residence, place of work or of an alleged infringement of the GDPR (a list of these data protection authorities can be found here, a list of the data protection authorities of the German States (Länder) can be found here). UK residents can report a concern to the Information Commissioner’s Office. However, we respectfully request that you contact us first.
• Right to Erase: You have the right to erase personal data pertaining to you, under certain conditions. We will assess any deletion request after verifying your identity and work to respond within one calendar month, and let you know if we need additional time.
• Right to Object: You have the right to object to processing the personal data we process, under certain conditions.
• Right to Restrict: You have the right to restrict the processing of your personal data, under certain conditions.
• Right to Data Portability: You have the right to receive the data we have collected from you. Under certain conditions, you may request that we transfer your personal data to another organization, or directly to you.
• Right to Lodge a Complaint: You have the right to file a complaint with the supervisory authority in your jurisdiction.

At any time, you may request or assert any of the rights above by emailing us at privacy@semasio.com. If you believe there has been a violation of your privacy rights, please contact us or the supervisory authority.

Our Services may have links to third-party services, which may have privacy policies that differ from our own. We are not responsible for the practices of such sites.

Our Services are intended for a general audience. We do not direct our Business Services to minors under the age of eighteen (18), nor do we knowingly solicit or collect any personal data from minors. If you are a parent or legal guardian and think that your child has given us data, you can contact us in writing or by email as provided below under Section 13, “How to Contact Us.” Please mark your inquiries “Minors’ Privacy Information Request.” If we learn that a minor has provided personal data through our Business Services, we will use reasonable efforts to remove such information from our files.

We have implemented physical, administrative, and technical safeguards to maintain the security, confidentiality, and integrity of your information. However, as no transmission of information over the internet is absolutely secure, we cannot guarantee the safety of your information.

We retain personal data in accordance with requirements of applicable laws as long as it is necessary for the purposes we pursue (set out in Section 1) or we have a legal or compliance reason to do so.  

Semasio maintains data centers in the United States and Denmark. Please visit this page for a list of our service providers.

In some cases, we may transfer personal data of individuals residing in the European Union (EU) or the European Economic Area (EEA) to recipients located outside of the EEA, namely the United States.  

Where a transfer of personal data to such third countries is taking place, this happens only to countries in which the EU Commission has confirmed an adequate level of protection (a list of these countries and the respective adequacy decisions is available here) or where Semasio can reasonably ensure the secure handling of personal data by means of contractual agreements (e.g., standard contractual clauses) or other suitable guarantees, including certifications or proven compliance with sufficient security standards. We apply these same standards to other jurisdictions that require similar protections.

You have the right to ask us for more information about the safeguards we have put in place as mentioned above. Please contact us using the contact information provided in Section 13 if you would like further information or to request a copy where the safeguard is documented (which may be redacted to ensure confidentiality).

Semasio may change or update this Privacy Policy at any time. Any changes or updates we may make will be posted on this website. If you have an account with us for our Business Services and we change the Privacy Policy in a material way, we will provide appropriate notice to you.

If you have questions related to this privacy policy, or regarding our products or services, please contact us at privacy@semasio.com or info@semasio.com.

Postal addresses:

Semasio GmbH
Mönkedamm 11
20457 Hamburg
Germany

Semasio Inc.
c/o Casters Holdings, Inc.
433 West Van Buren Street, Suite 200,
Chicago, IL 60607

Controller

Controller:  If you are based in the European Union (EU) or the United Kingdom, the controller of your personal data is Semasio GmbH.

European data protection officer (DPO): If you are a based in the European Union (EU) or the United Kingdom, you may contact our data protection officer and state in your request that your concern relates to Semasio GmbH. However, we respectfully ask that you only contact our Data Protection Officer regarding urgent matters relating to data protection.

Prof. Dr. Christoph Bauer
ePrivacy GmbH
Große Bleichen 21
20354 Hamburg
Germany
Email: dpo@eprivacy.eu

Representative of controllers or processors not established in UK (Article 27 UK GDPR):

UK Representative Service for GDPR Ltd.
7 Savoy Court
London WC2R0EX
United Kingdom
Email: dpo.uk@eprivacy.eu