Privacy Policy

LAST MODIFIED: April 1, 2024

Introduction:

CENTRL Inc (“we”, “us”, or “our”) is headquartered in Mountain View, California and provides various business-to-business software-as-a-service (“SaaS”) technology products and solutions to companies, advisory and consulting firms, and other business and commercial entities around the world (“customers”). Our customers, partners, vendors, visitors to our websites, employees, job applicants, and others may provide us with certain personal and other information. We are committed to protecting the confidentiality and security of any personal information we collect, use, store, or share, whether we are acting as a data controller or data processor. Our obligations, if any, to certain individuals (“data subjects”) regarding their personal information may, however, differ depending on whether we are acting as a data owner (“data controller”) or third-party vendor (“data processor”). Due to the nature of our business, we act primarily as a data processor. This means we act on the instructions of the data controller.

This Privacy Policy (“Policy”) explains how personal information is collected, used, stored, and disclosed by us in connection with your (“you” or “your”) use or access of any (i) CENTRL product, service, or application (individually “Service” and collectively “Services”), and (ii) our online or mobile websites, including oncentrl.com, globalnetwork.oncentrl.com, odd360.oncentrl.com, central.ai and msacompliance.oncentrl.com (collectively, the “Site”), or when you otherwise interact with us in any manner.

For purposes of this policy, “personal information” refers to information such as your full first name and last name, your title, your telephone number and email address, and other information we may request from you to help identify you or that you voluntarily choose to share with us. This Policy does not apply to personal information that may be included in the material, information, or content such as files, documents, email messages, recordings, chat logs, transcripts, and similar records that we may maintain on our customers’ behalf or that our customers may upload to their accounts with us in connection with their use of our Service (collectively referred to as “Business Content Data”).

  • CENTRL as a Data Processor: We act as a data processor in providing Services to our customers that act as data controllers for any personal information they may collect from their customers, employees, or others and that we may process in connection with providing our Services to our customers. In order for us to provide our Services to our customers, we may need to collect certain information from individual employees of our customers or other individual users of our Services that may identify that user as an individual in order to provide that user with access to the applicable Service, as requested by our customer. All of this user information is collectively referred to as “Business User Data” and we process such Business User Data, including any personal information which may be included therein, solely for the purposes of providing our Services to our customers and in accordance with the written or other instructions of our customers pursuant to our Master Services Agreement (including the subscription agreement), Terms of Service for Guests, Acceptable Use Policy, Data Processing Addendum, and/or any similar agreements between us and our customers.
  • CENTRL as a Data Controller: We may, on occasion, act as a data controller and collect personal information from you outside of a business-to-business relationship or transaction when you voluntarily choose to provide this information to us in various circumstances, as noted below. We may also collect, use, store, or share personal information from applicants for employment, our employees, and former employees.

By accessing the Site and/or registering with the Service, you affirm that you are 18 years of age or older and have reviewed, understood, and accepted the practices and policies outlined in this Policy, the Master Service Agreement (including the subscription agreement), Acceptable Use Policy and the Terms of Use for Guests (collectively, the “Agreement”), as the same may be applicable to your use or access of the Site and/or Service. You understand that by using the Service, you give us your express consent to the collection, storage, use and disclosure of your Personal Information and any non-personally identifiable information, as described in more detail in this Policy.

Unless otherwise specified herein, all defined terms used in this Policy have the meanings ascribed to them in the Master Services Agreement (including subscription agreement) and/or the Terms of Use for Guests.

Information We Collect:

  • From You and About You:
    • From Use of Service: WWe may collect certain Business User Data from you when you register for an account, create, or modify your profile and account, access and use a Service (including, but not limited to, when you upload or download material such as documents or collaborate or share files, questionnaires, or any other information), or otherwise communicate with us. If you register to use a Service as a Subscribed User, as that term is defined in the Master Services Agreement (including the subscription agreement), we may collect your name, company name, business email address, and other business-related information. We collect Business User Data and personal information from you under this section so that we may, as a data processor, provide the requested Service to you, as authorized by our customer.
    • From Websites or Events: We may collect personal information from you that you may choose to voluntarily send or provide to us in connection with a product demo or trial request, white paper or other download request from our Site, or similar request form or if you register for, attend, or request access to any webinar, podcast, live chat, conference, or similar event hosted by or sponsored by us. We may collect your name, job title, email address, telephone number, postal address (including country), and other information. We may also collect information that you choose to voluntarily provide to us through any chatbot or similar interactive feature on our Site. If you contact us through the Site, we will keep a record of all related correspondence. You can Unsubscribe from any communications you receive relating to the events listed above.
    • From You and About Others: We may collect information about your third parties, such as name, email address, etc., that you may provide to us in order to enable the functionality and features of any Service. For example, if you invite a guest to use any Service, we will collect their email address in order to send an access invitation to such a party. We collect information from you under this section about these third parties so that we may, as a data processor, provide the Service to you, as authorized by your employer or other organization or entity.
  • From You and About Your Activities: When you access and use any Service or Site, we will collect and analyze information about how you interact the Service or Site, including but not limited to your access times, browser type and language, the Web pages that you visit, and the Business Content Data you use. We may also collect engagement information in anonymous aggregated form (this information does not include any personal information) to assist us in improving our Site and our Services.

Cookie Practices:

  • Definition: A cookie is a small text file that can be stored on and accessed from your device when you use our Service or visit one of our Sites, to the extent you agree.
  • Cookie Use: We use different types of cookies to support our Site and Services, in tracking analytics, for marketing purposes, and for tracking session information.
  • Removing Cookies: Cookie preferences and existing cookies can be viewed and removed at any time through your internet browser.
  • Cookies used by Services:
    • Analytics: We use services such as Google Analytics to track user flows, as permitted by the data controller.
    • Support: We use a third-party provider to provide an online customer support system in order to support our users. This includes chats, FAQs, and customer support.
  • Cookies used by Site:
    • Analytics: We use services such as Google Analytics to track user flows.
    • Support: We use a third-party provider to provide support system to visitors to our Site. This includes chats and FAQs.
    • Marketing: We use cookies for marketing purposes, in order to gather more information on how you interact with the Site.
    • Session State: We use cookies to track session state as a user moves through the Site.

Using Your Content:

We will use Business User Data collected to provide you with the Services. The Business User Data may be used for a variety of other purposes, including to:

  • Administer and operate CENTRL;
  • Provide access and authorization to upload, share, publish, evaluate, and collaborate on content in CENTRL;
  • Contact you about changes to Business Content Data;
  • Send you technical notices, updates, security alerts, newsletters, release notes, and similar support and administrative messages;
  • Respond to your questions and requests and provide customer service;
  • Monitor and analyze trends, usage, and activities and to produce aggregated analytics and reports in connection with your use of CENTRL to enhance or improve our Services, including developing new features, for sales, marketing, or advertising purposes; and
  • For other purposes about which we notify you.

Any communication or material you transmit to us via e-mail or otherwise, including any questions, comments, suggestions, or the like, but not including your Personal Information and any requests, comments, or concerns regarding your Personal Information, will be treated as non-confidential and nonproprietary.

Disclosure of Information:

We will not disclose personal information about you or any Business User Data with any third parties except as described below and in the Master Services Agreement (including the subscription agreement) and/or the Terms of Use for Guests. For example, we may share personal information about you as follows:

  • Vendors, Consultants and Other Service Providers: We may share your Business User Data or personal information with third-party vendors, consultants or other service providers who are working on our behalf and require access to your Business User Data or personal information to carry out that work, such as to process billing or provide customer support. Our primary customer support teams are in the United States, and we have supplemental support teams in India. These customer support teams will access your Business User Data or personal information, but only as necessary to perform support tasks on our behalf. They will have access to the case information submitted by you on your customer support tickets, such as your name and company email address. Our vendors, consultants, or other third-party service providers are authorized to use your Business User Data or personal information only as necessary to help provide, improve, protect, and promote CENTRL.
  • Third Party Applications: If you choose to connect to us using a third-party application, we may exchange/share information about you, including your username and any Business User Data you choose to use in connection with those applications and services, and such third parties may directly contact you as necessary. This Policy does not apply to your use of such third-party applications and services, and we are not responsible for how those third parties collect, use, and disclose your information and Content. We encourage you to review the privacy policies of those third parties before connecting to or using their applications or services to learn more about their information and privacy practices. We partner with third parties to manage our sales and marketing and in this context, we may share some of your information, such as email address and IP address.
  • Compliance with Laws: We may disclose your Business User Data or personal information to a third party if (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process, or governmental request, (b) to enforce our agreements, policies, and Master Services Agreement (including the subscription agreement) and/or the Terms of Use for Guests, (c) to protect the security or integrity of CENTRL, our customers, or the public from harm or illegal activities, (d) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person, or (e) to any other third party with your prior consent.
  • Corporate Transactions: In the event of sale, transfer, merger, reorganization, dissolution, or similar event, we may share and/or assign your Business User Data or personal information to one or more third parties as part of such transaction.
  • International Access to the Site and/or Service: If you are accessing the Site from outside the United States, you should note that by providing your personal information as stated herein, you authorize us to store and use your personal information in the United States as set forth herein and to permit access by our customer support teams in the United States or another country to certain limited information to provide support. Please note that these countries may not have the same data protection laws as the country in which you reside. If you are accessing the Service from outside the United States and do not wish to provide us with your Business User Data or for us to store and maintain this Business User Data, please do not register for the Service.

Storage and Security:

We are committed to protecting your personal information and Business User Data from loss, unauthorized access, use, or disclosure, and alteration. We have adopted and maintain reasonable administrative, physical, and technical safeguards to protect the security, confidentiality, and integrity of your personal information and Business User Data. For more information about our security practices, please review our Security Policy.

Content Retention:

We store your personal information and Business User Data for varying periods of time depending on applicable governing laws, your continued use of our Services, and our agreements with our customers. As long as you are using the Service, your Business User Data will remain on our servers. Once your account is deleted or your Business User Data is not needed to provide you or your third-party users with our Services, we may retain your Business User Data for a reasonable period of time afterwards if we have an ongoing business need to do so or the law requires us to retain such information. After that period of time has lapsed, your Business User Data will be deleted.

Your Access to Business User Data:

You can access your Business User Data at any time by clicking on your Profile. You can request that we update your Business User Data to ensure it is correct and up to date. You can also request a copy of your Business User Data by sending an email to us at: privacy@centrl.ai.

Links to Third Party Websites:

We may place links to third-party websites (“Linked Site(s)”) on the Service or Site. When you click on such a link from our Service or Site, your activity on the Linked Site is governed by that website’s privacy, user, and other policies, not by those of CENTRL. Unless otherwise affirmatively stated on our Site, we do not endorse any of the products or services described in or offered on any Linked Site.

Do Not Track Disclosure:

We do not track or monitor your online activity over time and across third party websites to provide you with targeted advertising, so we do not monitor or respond to “Do Not Track” (“DNT”) web browser requests or similar signals.

Information from Children:

None of our Services are intended to be used by children under the age of 18. We do not knowingly solicit or collect personal information from anyone under the age of 13. If you believe that a child under the age of 13 may have provided personal information to us, please contact us at: privacy@centrl.ai.

Information from Outside the U.S.:

CENTRL maintains a global infrastructure to serve our global customer base. Information that we collect and maintain may be transferred to and/or processed and maintained in the United States and/or in other countries where the privacy laws may not be as protective as those in your location. If you are located outside of the United States, please be advised that we may process and store personal information in the United States. If we need to transfer personal information of Business User Data from the European Economic Area or the United Kingdom to a country that may not provide the same level of protection of such personal information in order to provide a Service to you, as requested by our customer, or to honor a request from you, we will use appropriate safeguards to protect the information or data, such as standard contractual clauses.

Use of information with Generative AI:

CentrlGPT utilizes prompt based generative AI to help you answer and evaluate questionnaires on the CENTRL platform. For this purpose, CENTRL uses third-party services. Neither CentrlGPT or such third-parties use any personal information. Any data sent to the third-party services is not stored or used for training the generative AI model.

Policy Changes:

This Policy may be updated from time to time. The most current version of this Policy will be posted and available at: https://www.centrl.ai/legal/privacy-policy/. Please check this link periodically to remain informed about changes to this Policy.

Contact Us and/or Exercise Your Data Subject Rights:

If you have any questions or concerns about how we are processing your personal information or Business User Data or about this Policy, please let us know by sending an email to us at: privacy@centrl.ai.

If we are acting as a data processor, you should submit your data subject rights request to your data controller. We may not be able to honor your requests under certain circumstances, such as when we are acting as a data processor or we are legally prevented from doing so.

If you are a resident of the European Economic Area (EU), United Kingdom (UK), or Brazil and you would like to access, review, update, rectify, or delete any personal information that we hold about you as a data controller or exercise any data subject right available to you under the EU General Data Protection Regulation (“EU GDPR”), UK General Data Protection Regulation (“UK GDPR”), or Brazil’s Lei Geral de Proteção de Dados Pessoais or General Law for the Protection of Personal Data (“LGPD”), as applicable, you can submit a data subject rights request by sending an email to us at: privacy@centrl.ai.