Amperity Privacy Notice

Last Revised and Effective Date: September 7, 2023.


Our Privacy Notice Has Recently Changed.

We have made changes to this Privacy Notice that apply on or after the “Last Updated” date to provide you with information on how we process your Personal Data. These changes include additional details about:

1. What Personal Data or other information we collect from you, how we collect it, and the purpose for which it is collected; 2. Third parties with whom and for what purpose your information is shared; and 3. Your rights and how to exercise them.

See Previous Version


Amperity, together with its affiliated entities, including but not limited to Amperity UK Limited and Amperity Australia Pty Ltd (together, “Amperity,” “we,” “us,” “our”), are committed to collecting and processing your personal data responsibly and in compliance with applicable data protection laws in all countries in which Amperity operates. This Privacy Notice (“Notice”) explains how Amperity collects, processes, transfers and discloses your personal data. This Notice also describes the rights you have regarding Amperity’s use of your personal data, the measures Amperity takes to protect the security of the data, and how you can contact us regarding our data protection practices.

This Notice applies when you:

  • Browse or visit our website at www.amperity.com (“Site”);

  • Make use of our Site to sign up and use our customer data platform (“Platform”); and

  • Provide your personal data in connection with our events, sales, and marketing activities (collectively “Services”).

This Notice does not apply to any products, services, websites, mobile applications or content offered by third parties and linked to from here. Data collected by these third parties is covered by their own privacy policies.

1. Personal Data We Collect and How We Collect It

As used in this Notice, personal data means any information about an individual from which that person can be reasonably identified.

We collect personal data in the course of providing the Services to you. The data we collect falls into three main categories: (1) data we collect from you directly, (2) data we collect from you automatically, and (3) data we collect from third parties.

Data We Collect from You Directly

The personal data we collect from you depends on your relationship with us. Please note that for a majority of circumstances, Amperity’s customers determine how and why personal data is used, including personal data about how the customer’s end users use the Platform.

Customers

When you register for and log onto our Platform, we collect personal data, such as your name, email address, telephone number (including for multi-factor authentication), company name, job title, and other professional and employment information.

If you purchase/subscribe to our Platform, we also collect financial information, such as billing and payment information. We maintain a record of your purchases, transactional information, and any communications and responses.

Platform End Users

If you use our Platform, we collect personal data, such as your name, email address, telephone number (including for multi-factor authentication), company name, job title, and other professional and employment information.

We also collect information relating to the actions that you perform while logged into your account, including any personal data you share when you provide feedback regarding our Services and when you contact us for support.

Marketing Subscribers

When you sign up for a webinar, an event, or otherwise sign-up to receive marketing information from us on our Site, or take a survey we collect your name, email address, telephone number, company name, job title, location, and other professional and employment information.

If you elect to receive emails from us, we capture data related to when you open our emails and how you engage with it, including what banners or links you click.

If you sign up to receive ongoing marketing communications, you can always choose to opt out of further communications by unsubscribing from any marketing email you receive from Amperity. You also can unsubscribe here https://amperity.com/unsubscribe.

Site Visitors

If you visit our Site, we collect certain personal data about you, including your IP address and other data as described in the “Information We Collect from You Automatically” section.

If you contact us to request a demo of the Platform, we collect data including your name, email address, company name and department, job title, telephone number, and country. We also collect this data and other information you share if you contact our sales team for information.

Job Applicants

If you have applied for a job with us, the collection, use, and disclosure of your personal data is governed by our Applicant Privacy Notice.

Information We Collect from You Automatically

When you visit and access our Site and use our Platform, we collect certain personal data using automatic data collection technologies. These technologies include cookies and web beacons (also known as pixel tags and clear GIFs) and the data collection associated with them is described below.

  • Logs: We automatically collect and store information in our logs, including your browser type, operating system, Internet Protocol (IP) address, domain name, pages you navigate to on our Site, click-activity, referring website, and date/time stamp for visitors.

  • Location Information: When you access our Site, we collect your location from your IP address to determine your inferred location. We will also have any physical address you provide to us when completing a contact form or signing up for Amperity’s Services.

  • Email Engagement: If you receive emails from us, we use certain tools to capture data related to when you open our message, click on any links or banners it contains, and if you make purchases.

  • Device Information: We collect information about your devices such as device make, model, operating system and version number, and any unique identifying data broadcasted from your device when visiting our Site.

  • Site Interactions: We use technology to monitor how you interact with our Site, including which links you click on, the pages you view, or information that you type into our online forms.

  • Cookies: We use cookies and web beacons (also known as pixel tags or clear GIFs) to collect information about your visit. “Cookies” are small text files that a website stores on a user’s device while a website is viewed. Cookies may contain information such as your IP address, information about your browsing history, or your preferences and settings. We use both first-party cookies (those set by us) and third-party cookies (those set by third parties and come from domains others than www.amperity.com).

See our Cookie Declaration for more information on the type of cookies we use and how we use them. You can also and to opt-out of any non-essential cookies by managing your Cookie Preferences.

Information We Collect About You from Other Sources

In addition to the information that we collect from you directly, we obtain information about you from other sources, including third parties, business partners, our affiliates, or publicly available sources such as your name, title, phone, email, social media information, profile picture, and unique identifier. For example, we pay third parties to distribute our marketing materials on their ad platforms and receive information about who accesses our materials.

Publicly-available sources includes data collected through services like LinkedIn. We use this information to help us understand our customer base better, such as your industry and the size of your company.

2. How We Use Your Information

We use your personal data for the purposes described below. We only collect and process personal data when we have a legal basis to do so and in accordance with applicable law as set out below.

  • To provide, support and improve the Services. We use personal data provided by our Customers and Platform End Users in order to provide our Services, including to keep track of billing and payments.

  • To track user behavior at an aggregate level to identify and understand trends in the various interactions with the Services, for gathering insights into how the users interact with the Services, and how they are interacted with by different types of customers.

  • To respond to questions and comments, including support requests.

  • To offer webinars and invitations to other promotional events. We use personal data provided by our Customers, Platform End Users, Marketing Subscribers, and Site Visitors in order to offer webinars and to extend invitations to other marketing events.

  • To market our Services. With your consent, we use personal data provided by our Customers, Platform End Users, Marketing Subscribers, and Site Visitors in order to market our Services to current and prospective customers. We also share your personal data with our affiliates and third parties for marketing and advertising purposes. This sharing of information could be construed as a “sale” in your jurisdiction and please see the “Your Rights and Choices” section to exercise your privacy rights.

We also use your information for the following additional purposes below.

  • Protect and enforce Amperity's legal rights, including our intellectual property rights and preventing fraud.

  • Meet legal compliance obligations, including corporate reporting, legal, and regulatory compliance and fiduciary obligations.

  • Protect the safety and security of our products and services, and manage business continuity and disaster recovery operations.

  • Enable access to, use of, and operation of the Services and Site other processing necessary for enforcement of our Terms of Service.

  • Conduct surveys and respond to feedback and inquiries.

3. Sharing and Disclosing Personal Data

Service Providers

Like many businesses, we engage other companies to provide certain business-related services to us (“Service Providers”). We may disclose personal data to our Service Providers but only to the extent needed to enable them to provide such services.

The types of companies that may receive personal data and their functions are: mail services (hard copy and email); hosting services; database management/back-up services; monitoring services; training service provider; customer support and customer relationship management services; accounting services; marketing services providers; and payment processors. mail services (hard copy and email); hosting services; database management/back-up services; monitoring services; training service provider; customer support and customer relationship management services; accounting services; marketing services providers; and payment processors.

Service Providers are limited to performing services on our behalf pursuant to contracts which impose restrictions on their use of personal data, including prohibiting them from selling, sharing, using, or disclosing any personal data we share with them for their own marketing purposes or for any other purpose.

Behavioral Advertising

We use identifiers derived from your personal data (i.e., a pseudonymized representation of your email address) for cross-device tracking and cross-contextual advertising purposes. This identifier is disclosed to our advertising providers who use it to serve targeted advertising to devices connected to you via cross-device tracking.

Depending on where you live, this sharing of personal data could be considered a sale. You may opt-out from receiving cross-device advertising by visiting and employing the controls described on NAI’s Consumer Opt Out page (or if located in the European Union or United Kingdom, click here) and by opting-out of any non-essential cookies by managing your Cookie Preferences. You will need to opt-out on each device and browser separately.

Corporate Affiliates

We may share data with our corporate affiliates, that will only use the information as described in this Privacy Notice. In particular, we may transfer your personal data to corporate affiliates in a country where adequacy decisions have been issued, or where we have implemented appropriate and suitable safeguards such as the European Commission’s Standard Contractual Clauses for the transfer of your personal data to our U.S. headquarters. In other cases, we will ask you for your prior consent.

Merger, Sale, or Other Asset Transfers

Subject to possible restrictions under applicable loal laws and regulations, Amperity may disclose your personal data to a potential or actual acquirer, successor, or assignee as part of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in bankruptcy or similar proceedings).

In the event of a merger, dissolution or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal data, would be transferred to the surviving entity in a merger or the acquiring entity, including at the negotiation stage. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal data as set forth in this Notice.

As Required by Law

We may be required to disclose personal data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.

Aggregated / De-Identified

We might also share data about our Customers with third parties if the data has been de-identified or aggregated in a way so it cannot be used to identify you.

4. International Transfers of Data

The Services are provided from the United States and other locations, and we may transfer your personal data to multiple countries throughout the world where we or our service providers maintain facilities, including the United States, in accordance with applicable local laws and regulations. We maintain primary data centers in the United States, Canada, and Ireland.

These countries may not have the same high level of data protection as the data protection laws in the country where you are located. We take steps designed to ensure that the data we collect under this Notice is processed as described in this Notice and according to applicable law wherever the data is collected.

If you are located in the EEA, UK, Switzerland or other countries which restrict the transfer of personal data, we comply with applicable data protection laws when transferring your personal data outside of these areas. In particular, we may transfer your personal data to countries for which adequacy decisions have been issued; implement appropriate and suitable safeguards such as the European Commission’s Standard Contractual Clauses or the Addendum B.1.0 issued by the Information Commissioner of the UK for the transfer of personal data to our U.S. headquarters, other offices or third parties, where applicable, or where required, we will ask you for your prior consent.

You may contact us in the "How to Contact Us" section below to obtain a copy of the clauses, relevant data transfer agreements or safeguards we use to transfer personal data outside of these countries/regions.

5. How We Protect Your Information

Amperity implements reasonable and appropriate security measures to protect your personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in processing and the nature of such data, and comply with applicable laws and regulations.

Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the information you supply will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail sent to or from the Site may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail. In the event that we are required by law to inform you of a breach of your personal data we may notify you electronically, in writing, or by telephone, if permitted to do so by law.

6. Data Retention

We will erase your personal data when it is no longer necessary for the purposes for which it was collected or otherwise processed; when you withdraw your consent (where lawfulness of processing was based on your consent) and there is no other legal ground for the processing; when you object to the processing and there are no overriding legitimate grounds for the processing; when your personal data has been unlawfully processed; and when it is no longer necessary to comply with legal obligations.

When determining the retention period, we also take into account criteria, such as the type of services requested by or provided to you, the nature and length of our relationship with you, possible re-enrollment to use our Site or Services, and the impact on the Site or Services functionality if we delete your personal data. For example, we may retain information for as long as we need it for:

  • A legal request or obligation, including obligations of Amperity or to comply with applicable law

  • A governmental investigation

  • A legal claim, complaint, litigation or regulatory proceedings

7. Your Rights and Choices

Depending on where you live, you have certain rights regarding your personal data that we collect.

Please note that your exercise of rights also depends on your relationship with us. Platform End Users should exercise their rights through our Customers.

  • Right to Object. You have the right to object at any time to the processing of personal data on grounds relating to your particular situation, including a right to object to the processing of your personal data for processing performed on the basis of legitimate interest, unless we are able to demonstrate overriding compelling legitimate grounds.

  • Right to Know/Access. You have the right to obtain confirmation from us as to whether we are processing your personal data and the right to access and receive a copy of such personal data.

  • Right to Delete/Erasure. In some cases, you may request the deletion or erasure of personal data concerning you, or restrict its processing. If we are processing your information on behalf of one of our clients we will forward your request to that client and await instructions from them on whether your information should be deleted. If required by law, we will grant a request to delete information, but note that in many situations we must keep your personal data to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes.

  • Right to Rectify/Correct Inaccurate Information. If we process inaccurate, incomplete, or outdated personal data, you have the right to correct it.

  • Right to Withdraw Consent. Once you have consented to the collection of your personal data, you may withdraw your consent at any time. Please note that your withdrawal of consent would not affect the lawfulness of processing based on consent before it was withdrawn.

  • Right to Data Portability. You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and the right to transmit that information data to another company where feasible.

  • Right to Restrict. You have the right to restrict us from processing your personal data under certain circumstances (e.g., you contest the accuracy of your personal data or when you believe that we are processing your personal data beyond the original purpose).

  • Right to Lodge a Complaint. EEA and United Kingdom residents have the right to lodge a complaint with the competent data protection supervisory authority. You can, for example, contact the supervisory authority in the EU Member State of your residence, place of work, or the place of the alleged infringement. For more information on how to lodge a complaint in the EU/EEA, please see https://edpb.europa.eu/about-edpb/board/members_en.

  • Right to Opt-Out of the Sale of Personal Data. We share your personal data with third parties in ways that could be considered a sale under California and other state laws. You can exercise your right to opt-out of such selling or sharing of your personal data by contacting us. Please note that we do not collect any sensitive personal data for the purpose of inferring characteristics about you.

  • Right to Appeal. Certain states in the United States (e.g., Colorado, Connecticut, and Virginia) allow you to appeal instances of where we are not able to honor your exercise of your personal data rights. If you are in one of these states and wish to appeal a decision we made with respect to exercising a right about your personal data, email us at privacy@amperity.com and in the email subject line include (a) your state of residence and (b) the words “Appealing Rights Decision,” and (c) in the email body provide an explanation of the basis of your appeal.

  • Right to Non-Discrimination. We will not discriminate against you because of your exercise of your privacy rights.

If you have an opt out preference signal enabled (e.g., the Global Privacy Control), you will automatically be opted out of the sale or sharing of your information, but we may ask you to confirm your preference if you have previously consented to the sale or sharing of your personal data.

To exercise your privacy rights, please submit a request by emailing to privacy@amperity.com.

Additional Information for California Residents.

Identify Verification

As required by California law, we may require you to prove your identity for exercise of certain rights. We may verify your identity by phone call or email. Depending on your request, we will ask for information such as your name, your telephone number, email address, and/or date of last communication with Amperity. We may also ask you to provide a signed declaration confirming your identity.

In some circumstances, you may designate an authorized agent to submit requests to exercise certain privacy rights on your behalf. We will require verification that you provided the authorized agent permission to make a request on your behalf. You must provide us with a copy of the signed permission you have given to the authorized agent to submit the request on your behalf and verify your own identity directly with us. If you are an authorized agent submitting a request on behalf of an individual, you must attach a copy of the following information to the request:

  1. A completed Authorized Agent Designation Form indicating that you have authorization to act on the consumer’s behalf.

  2. If you are a business, proof that you are registered with the Secretary of State to conduct business in California.

If we do not receive both pieces of information, the request will be denied.

Information Collection, Purpose, and Disclosure

In the preceding twelve (12) months, we have collected categories of personal data from the sources as discussed in Section 1 “Personal Data We Collect and How We Collect It.” The business or commercial purpose for collecting that information is disclosed in Section 2 “How We Use Your Information.”

In the preceding twelve (12) months, we have disclosed your personal data for a business or commercial purpose described in Section 2 “How We Use Your Information” to the following categories of third parties:

Categories of Personal Data

Categories of Third Parties

Identifiers (name, email address, telephone number, country, company name)

Professional and employment information

Our affiliated companies

Third party service providers (recruiting platforms, IT service providers, third party cloud storage)

Financial information

Financial payment processor

Internet or network information (e.g., browsing and search history, site and advertisement interactions, audience research data).

Our affiliated companies

Third party service providers

Geolocation data (e.g., location derived from GPS-enabled services)

Third party service providers

Inferences

Our affiliated companies

Third party service providers

In the preceding twelve (12) months, we have sold or shared your personal data for a business or commercial purpose to the following categories of third parties:

Categories of Personal Data

Categories of Third Parties

Identifiers (name, email address, telephone number, country, company name)

Marketing providers

Geolocation Data

Marketing providers

Additional Information for UK Residents

If you are from a region that requires a legal basis for processing personal data (such as the EEA or the UK), our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it and may include the following:

Purpose

Consent

Contract

Legal Obligation

Legitimate Interest

To provide, support and improve the Services

To track user behavior at an aggregate level to identify and understand trends in the various interactions with the Services

To respond to questions and comments, including support requests

To offer webinars and invitations to other promotional events

To market our Services

Protect and enforce Amperity's legal rights, including our intellectual property rights and preventing fraud

Meet legal compliance obligations, including corporate reporting, legal, and regulatory compliance and fiduciary obligations

Protect the safety and security of our products and services, and manage business continuity and disaster recovery operations

Enable access to, use of, and operation of the Services and Site other processing necessary for enforcement of our Terms of Service

Conduct surveys and respond to feedback and inquiries

Contacting us via methods described in Section 11 of this Notice.

8. Children

This Site is not directed towards children. We do not knowingly collect personal data from children under the age of 16 through the Site and/or the Services. If you are under 16, please do not give us any personal data. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Notice by instructing their children to never provide personal data through the Site without their permission. If you have reason to believe that a child under the age of 13 has provided personal data to us, please contact us, and we will endeavor to delete that information from our databases.

9. Links

The Site and the Services may contain content, services, advertising and other materials that link to external Sites. Amperity does not endorse and is not responsible for the content of any such External Sites. Please refer to the terms of use and privacy policies of the External Sites for more information.

10. Changes to This Notice

This Privacy Notice is effective as of the date stated at the top of this Privacy Notice. We may change this Privacy Notice from time to time. Your access of the Site or continued use of our Services after such change will be deemed acceptance of the new Privacy Notice.

11. How to Contact Us

If you have any questions or concerns about Amperity’s privacy practices or about exercising your rights, you may send an email to privacy@amperity.com or call us at 1-800-674-8267. You may also write to us at:

Amperity Inc. Attention: Legal Department 701 5th Ave Suite 2600 Seattle, WA 98104

Amperity’s Data Protection Officer can be contacted via email at privacy@amperity.com or reached at the above address.

Amperity, Inc. is the entity responsible for the processing of personal data as described in this Privacy Notice.

In the event that you have any Site security concerns, please address them to security@amperity.com.