Last updated: February 24, 2020
- Your Privacy Rights
- Scope and Updates
- What Data We Collect and How We Collect It
- Information You Provide to Us Through Our Site
- Information You Provide for Employment
- Information Automatically Collected About Your Use of Our Services
- Service Provider Information Collection and Processing
- Social Media Platforms or Other Forums
- Cross-Border Information Transfers
- Data Subject Rights – European Union (EU)
- Data Subject Rights – California Consumer Protection Act (CCPA)
- How We Protect and Store Personal Information
- Privacy Shield
- How We Use the Personal Information We Collect; Purposes and Legal Basis for Processing
- How We Share Personal Information with Third Parties
- Data Retention
- How You Can Access or Change Your Personal Information
- How We Use Tracking Technologies
- How You Can Opt Out of Marketing Communications
- Collection of Information from Children
- How You Can Contact Us about Privacy
Your Privacy Rights
This privacy notice (“Privacy Notice”) describes how 2nd Watch, Inc. (“2nd Watch, “us”, “we”) handles your private and proprietary information collected by virtue of the customer relationship and your privacy rights regarding our collection, use, storage, sharing, and protection of your Personal Information. “Personal Information” shall have the meaning prescribed by applicable privacy and data protection laws, but generally includes any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, medical, educational, financial and employment information.
It applies to the https://www.2ndwatch.com website and all related pages, regardless of how you access or use them (collectively, the “Site”). All Personal Information collected by us, which includes or respective successors, subsidiaries, divisions and group entities, shall be limited to the purposes for collection set forth in this Privacy Notice.
Scope and Updates
This Privacy Notice informs you of our policies regarding the collection, use and disclosure of Personal Information when you use our Site and the choices you have associated with that data in the following circumstances:
- When you visit our company website;
- When you subscribe to our newsletters, promotional campaigns, or request information about our engineering or support services;
- When you inquire about a job opportunity.
If you are a resident of the European Union (“EU”), you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) with respect to your Personal Information, as outlined below. For the purposes of this Privacy Notice, references to the EU also include the United Kingdom, Switzerland, and the European Economic Area countries Iceland, Liechtenstein, and Norway.
We may amend this Privacy Notice at any time by posting a revised version on this Site. The revised version will be effective at the time we post it. Therefore, we encourage you to periodically review this Privacy Notice to remain informed about how we are helping to protect the Personal Information we collect.
What Data We Collect and How We Collect It
Information You Provide to Us Through Our Site: In the pursuit of a business relationship, we collect contact information that you provide to us through our Site, and/or through direct interactions that we may have with you, such as during events and conferences. Such information includes:
- Your company name
- Company location (State/Region)
- Location address
- First and last name
- Your title
- Email Address
- Telephone number
- Fax number
- IP address/geolocation (tracked through cookies)
Promotional efforts may include email, phone calls, flyers, or surveys authorized by us or our third party service providers.
Information You Provide for Employment: When individuals apply for employment with us, we collect additional information (resume, cover letter, and desired salary) to start the application process through our Site, or through our third party service providers. While we do not collect sensitive personal data (i.e., personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, ideological activities or views, trade union membership or information specifying the sex life of the individual) for this purpose, we take careful measures to ensure that all collected Personal Information about you is protected.
Service Provider Information Collection and Processing: In some cases, we act as a service provider and perform support and engineering services on behalf and under the contractual obligations with our business customers (“Clients”). In our role as a service provider to our Clients, we may handle their data as a data processor or sub-processor on our Clients’ behalf. We have no direct relationship with our Client’s individual customers and end-users whose Personal Information our Client may collect and process within this role.
You should contact your service provider directly (our Client) to inquire about the Personal Information that they may have about you, or to exercise any other data subject rights that you may have. You understand that your use of their websites may be subject to terms and policies provided by your service provider (our Client) and we are not a party to such agreements.
Social Media Platforms or Other Forums: We may receive certain information that’s stored or processed by third parties, such as the social media sites including, but not limited to, Facebook®, Twitter® and LinkedIn® when you interact with us through these social media platforms. Our Site may include social media features – such as the Facebook “Like” button – and widgets – such as the “share this” button. These features may collect your IP address as well as details of the pages you are visiting on our Site. Social media features, widgets, and chat bots are either hosted by a third party or hosted by our Site. Each social media platform may have its own privacy notices that specifically govern your use of social media platform and features.
Our Site may also feature bulletin boards, blogs, or forums. While you may comment on these channels, we do not require your personal information to do so. Any personal information that you choose to enter via such forums may be read, collected, or used by other visitors to send you unsolicited messages.
The appearance of hyperlinks or the information, products or services contained in a hyperlink on a social media site does not constitute our endorsement of that site and we do not exercise any editorial control over the information found at these sites. In addition, any opinions expressed in posts by users on a social media site do not necessarily represent the positions, strategies or opinions of us or any of our affiliates.
Cross-Border Information Transfers
You acknowledge (a) that you are accessing our Site that is based in the United States, (b) that you are providing Personal Information to us in the United States, and (c) that we must adhere to laws of the United States. You agree that Personal Information collected on our Site may be stored and processed in the United States or any other country where our service providers maintain facilities, and while in such jurisdictions may be subject to access pursuant to the laws of those jurisdictions. Each of these countries may have different privacy and data protection laws that afford varying levels of protection for your Personal Information, and such laws may be less stringent or may not be as comprehensive as those laws that exist in your country.
Data Subject Rights – European Union (EU)
If you are an EU individual submitting your Personal Information to us, you have data subject rights that you should be aware of. As your data controller, you can reach out to us regarding exercising of any of your data subject rights.
- Right to access – You have the right to request from us copies of your personal data.
- Right to correction – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete.
- Right to erasure – You have the right to request that we erase your personal data, under certain conditions.
- Right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- Right to object/restrict processing – You have the right to object to our processing of your personal data, under certain conditions. You also have the right to request that we restrict the processing of your personal data, under certain conditions.
- Right to object to automated individual decision-making, including profiling.
Data Subject Rights – California Consumer Protection Act (CCPA)
California residents have data subject rights that you should be aware of. We do not resell your Personal Information collected by us for any purposes. We do not authorize third parties to use your information except where you have elected us to do so when subscribing or signing up to our employment applications, newsletters, marketing campaigns, and other promotional events as described in this Privacy Notice.
As your data controller, you can reach out to us regarding exercising of any of your data subject rights.
- Right to access – You have the right to request from us copies of your personal data collected in the last 12 months.
- Right to erasure – You have the right to request that we erase your personal data, under certain conditions.
- Right to data portability – You have the right to request that we export the data that we have collected about you in a user-friendly format.
- Right to object/restrict processing – You have the right to opt-out to our processing of your personal data, under certain conditions. You also have the right to opt out of our transferring of your personal data to third parties, under certain conditions.
- Right to equal services & price – You have the right to fair treatment regardless of your options.
How We Protect and Store Personal Information
We take reasonable steps to help protect the security of your Personal Information. Despite our security safeguards, however, we cannot guarantee that Personal Information will be protected from interception, misappropriation, misuses or alteration, or that it will not be disclosed or access by accidental circumstances or by unauthorized actions. We use a variety of available security technologies and procedures to protect your Personal Information from unauthorized access, use, or disclosure. For example, any Personal Information is stored on secure servers that are located in controlled facilities with limited logical access. Data protection is achieved through the use of encryption protocols HTTPS, TLS1.2, and AES-256 (where available). We also require that our third party vendors follow these safeguards including adherence to SOC 2 or a similar compliance framework.
We comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (“Privacy Shield Principals”), as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the European Union or Switzerland, to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield Principals program, and to view our certification, please visit https://www.privacyshield.gov/.
We are responsible for the processing of Personal Information we receive, and under Privacy Shield Principals we may subsequently transfer that Personal Information to a third party acting as an agent or service provider on our behalf. We comply with the Privacy Shield Principles for all onward transfers of Personal Information from the EU and Switzerland, including the onward transfer liability provisions.
With respect to Personal Information received or transferred pursuant to the Privacy Shield Principals, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We have incorporated the European Union Model Clauses into our standard data protection agreement used with service providers located in a third country. The European Union Model Clauses creates a contractual mechanism to meet the adequacy requirement which allows for transfer of personal data from the European Economic Area to a third country.
See the section below entitled “How You Can Contact Us about Privacy” if you have privacy concerns or a dispute. If you have an unresolved privacy or information security concern that we have not addressed satisfactorily, you may contact our U.S.-based independent recourse mechanism provider ICDR/AAA (free of charge) at http://go.adr.org/privacyshield.html.
In compliance with the Privacy Shield Principles, 2nd Watch commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact 2nd Watch at:
2nd Watch, Inc.
2310 N. Molter Rd., Suite 340
Liberty Lake, WA 99019
Attn.: Data Privacy Officer
2nd Watch has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.
Under certain conditions, more fully described on the Privacy Shield Principals website https://www.privacyshield.gov, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
How We Use the Personal Information We Collect; Purposes and Legal Basis for Processing
Our primary purpose for collecting and processing Personal Information is to provide you with a secure, smooth, and efficient visitor and Client experience. Specifically, we may use your Personal Information to:
- operate the Site (the legal basis for processing is our legitimate interest, more specifically our economic interest in offering you products and services);
- provide support or to carry out the service(s) you have requested or authorized (the legal basis for processing is performance of the agreement between you and us);
- confirm your identity, verify accounts and activity (the legal basis for processing is secure operation of the Site);
- distribute alerts concerning product upgrades, special offers, white papers, upcoming events and webinars, surveys, marketing campaigns, newsletter subscriptions, blog update notifications, updated information about existing and new products and services from us or our partners and to measure the effectiveness of these communications (the legal basis for processing is our legitimate interest, more specifically our economic interest in making you personalized offers which you have requested);
- provide or operate certain products or service offerings that may engage in automated decision-making or profiling (the legal basis for such processing is explicit consent; you may withdraw your consent at any time); and
- for such other purposes as required or permitted by law (the legal basis for processing is our compliance with our legal obligations).
How We Share Personal Information with Third Parties
We partner with and occasionally hire other companies to provide services on our behalf. Personal Information may be shared with these companies, vendors, consultants and other service providers who work for us and need to access to your Personal Information to do that work; however, we will only share your Personal Information to accomplish the purposes for which we collected the Personal Information. These third parties are contractually required to maintain the confidentiality of your Personal Information and are contractually prohibited from using that information for any other purpose and from selling your Personal Information.
We may also share your information as follows:
- with your consent;
- when we believe in good faith that disclosure is necessary to protect our rights or property;
- to protect your safety or the safety of others;
- to investigate fraud or respond to a government, judicial or other legal request;
- to comply with the law; and
- in connection with a corporate change, such as an acquisition or merger.
We will only retain your Personal Information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances you can ask us to delete your Personal Information: see Data Subject Rights above for further information. In some circumstances we may anonymize your Personal Information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice.
How You Can Access or Change Your Personal Information
You may contact us at any time to inquire about the Personal Information we collect about you. You may access, correct, or request deletion of your Personal Information by using the options on the Site forms, by unsubscribing from emails, or you may contact us at Privacy@2ndwatch.com.
We will respond to your request within a reasonable timeframe.
How We Use Tracking Technologies
Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third-parties. We do not currently respond to DNT signals. Therefore, please be advised that third party web analytics companies that we use on our Site may collect information about your online activities over time and across our Site and other online properties. For more information about DNT please visit: https://allaboutdnt.com/.
How You Can Opt Out of Marketing Communications
We may contact you to alert you of upcoming events, webinars, white papers and promotional campaigns relating to our products and services. If we determine that your explicit consent is needed to send marketing communications, we will obtain that consent before or at the time of Personal Information collection.
We honor your choices with respect to your Personal Information as required by applicable privacy and data protection laws. You can choose whether you wish to receive promotional emails, SMS messages, telephone calls, and postal mail from us by using the opt-out methods described in that communication. For example, if you wish to stop receiving email marketing communications from us, you may click the “unsubscribe” link at the bottom of the relevant email marketing communication or by following the instructions detailed in the communication. Please note that this may not unsubscribe you from all other communications. If you wish to opt-out of all marketing communications, please contact us using the details provided below.
Collection of Information from Children
We do not knowingly collect Personal Information relating to children. In the event we learn we have collected Personal Information from anyone under 13 years of age without prior parental consent, we will take steps to promptly delete such information. By providing your Personal Information to us, through the Site, you represent that you are 13 years of age or older.
How You Can Contact Us about Privacy
If you have any questions, comments, or concerns about your privacy or this Privacy Notice, or to exercise your rights under EU or CCPA please contact us via email at Privacy@2ndwatch.com, via phone at 1.888.317.7920, or write to us at the following address:
2nd Watch, Inc.
2310 N. Molter Rd., Suite 340
Liberty Lake, WA 99019
Attn.: Data Privacy Officer
We will verify your request using the information associated with your name and email address.