Product

Privacy Policy

Introduction

What this Privacy Notice Covers. This Privacy Notice applies only to Uptake’s processing of your Personal Data in connection with your access to and use of Uptake products (e.g., Uptake Compass, Uptake Radar (the “Product”). If you have provided personal data to Uptake in another context, Uptake’s processing of that personal data is explained in another privacy notice.

Read this Privacy Notice! We want you to feel that our processing of your Personal Data is conducted fairly and transparently, so we want you to read this Privacy Notice.

1. Who are we?

When we say “Uptake” (or “us” or “our” or “we”), we mean Uptake Technologies, Inc. and our affiliates. We don’t mean other companies or individuals that we don’t own or control.

You can find and contact us at at 600 W. Chicago Ave., Suite 350, Chicago, IL 60654. If you prefer phone, you can reach us at +1-312-242-2200. Emails related to this Privacy Notice can be sent to [email protected].

2. What are we processing?

What are we processing?

We are processing at least your name and email address. In certain circumstances, we’ll collect additional data (as described below). All of the data we describe in this section is referred to, collectively, as “Personal Data.”

  • We’ll process identifier information, including your phone number, work address, title, and employer.
  • We may also process your IP address and certain geolocation information (e.g., city) in connection with your use of our products and/or in connection with our work with our customer (i.e., the entity that authorized your access to the Product).
  • We will collect data about how you use our Products.
  • If you are purchasing a license via credit card, we will ask you for that credit card information to process payment.

How did we get your data?

We obtain Personal Data through a few methods:

  • From You. You provide us with most of your identifier Personal Data when you create an account to use our Products and when you request customer support concerning the a Product. You also provide certain identifier Personal Data when you log-in to and otherwise use the Product.
  • From Your Employer. We may receive your identifier Personal Data from your employer when, as an Uptake customer, they submit your data as a Product user (this is often how we set up new Product users).
  • From a Processor. We obtain some of your Personal Data (including certain identifier and geolocation data) from Processors. Our Processors help us assign the service ID that we use to authenticate your access to the Uptake Product. We also use data analytics providers to track your usage of the Product, which we consider internet activity information.

A Note on Cookies.

At times, your Personal Data may be collected automatically through cookies, including cookies from our Processors like Google. Most browsers include an option to clear existing cookies or reject new ones. If you prefer not to use any cookies, you can also opt out in some browsers by adjusting your browser settings. However, if you opt out or reject new cookies, some portions of the website may not function as intended. Note that we currently do not support Do Not Track browser settings.

3. Why are we processing it?

Reasons for Processing.

We are processing your Personal Data for a few reasons, which we’ve summarized below. Again, our reasons for processing may depend on the circumstances surrounding that processing.

  • We may need to communicate with you concerning the Product and your use of it, including, for example, to let you know that we’ve updated this Privacy Notice.
  • We need your credit card info if you purchase a trial product license via credit card.
  • If you request support from our Customer Service team, we need your Personal Data to provide you with the requested support, which may include related communications. We will maintain records of these Customer Service-related communications and services for internal use purposes (primarily quality assurance).
  • We may need to give your identifier and geolocation Personal Data to a Processor so that it can effectively provide and manage our internal issue tracking and remediation tools.
  • We may collect usage metrics (e.g., time spend using the Product, interactions with the Product, actions taken in response to a Product alert) to improve and update the Product.
  • We may disclose usage metrics to our customer (i.e., the entity that provided you with access to the Product) so they can evaluate their and their users’ (including your) use of the Product. Unless otherwise requested, we will try to do this in a deidentified way, but we can’t guarantee that this will happen.
  • Other Important Reasons.
    • We need to monitor certain aspects of your access to and use of the Product to ensure compliance with our Terms of Use and applicable law.
  • We keep records of your (and other users’) review and acknowledgment of this Privacy Notice and our Terms of Use.
  • We may use your identifier, geolocation, and internet activity Personal Data if we think it’s necessary for security purposes or to investigate possible violations of our Terms of Use, this Privacy Notice, or applicable law.

Lawful Basis.

Uptake does not process (any) personal data without a lawful basis for doing so. For most of our processing under this Privacy Notice, our lawful basis is our legitimate interest in providing you with access to the the Products and providing related services (like customer support), improving our Products and services, and complying with our legal obligations, including those that we may have under our customer contracts. Achieving these interests is critical to our business, and all processing under this Privacy Notice is necessary to achieve these interests. Given the limited scope of Personal Data processed and the security measures we take to protect it, we feel these interests outweigh any risks presented to our data subjects.

In some instances, our processing is based on our contractual obligation to you, under the Products’ Terms of Use, to make the Product available to you. This requires processing your name and email address for creating your account and validating your login information when you log in to the Product.

No processing of your Personal Data under this Privacy Notice is required by law.

4. How are we processing it?

Scope of Processing.

Throughout this Privacy Notice, you’ll see us talk about “processing” your Personal Data. This has a broad definition and refers to everything we’re doing with respect to your Personal Data under this Privacy Notice. More specifically, though, we are storing your Personal Data, organizing it to make it usable for achieving those reasons, disclosing it internally and to our Processors (each as described in Section 6), and otherwise analyzing and using it, in all cases only as we need to do so to achieve the reasons for processing described above. When we’re done with it (more on that below), we may also delete or destroy it. We are not conducting any automated decision-making, including profiling, with respect to your Personal Data.

Consequences of Processing.

Our processing of your Personal Data under this Privacy Notice will have some consequences for you. These consequences include the following:

  • - You will be able to log in to the Product(s) and we will be able to track when and from where this happened.
  • - You will be able to view and edit some of the Personal Data that we store, and we will know when you’ve done so.
  • - We will know what kind of device, browser type, and operating system you used to access the Product(s).
  • - We will gain an understanding of how you use the Product and may report this to your employer or engaging entity.
  • - We will have a record of your interactions with our Customer Service team.
  • Other.
    • - We may be able to tell that you’ve breached our Terms of Use or applicable law or have otherwise misused the Product or compromised its integrity or security. We may communicate these breaches or misuses to your employer or engaging entity or, if appropriate, law enforcement or regulatory authorities.

Data Security.

Uptake takes data security very seriously and will always use reasonable efforts to secure your Personal Data. We have implemented appropriate technical and organizational measures to protect personal data, including, at a minimum, measures that are generally consistent with the ISO 27001 standard. These measures include encryption of Personal Data transmitted to and from the Product and encryption of Personal Data at rest. However, no data transmission over the Internet is completely secure, so we cannot guarantee absolute security of any data. You should take your own measures to secure your Personal Data, including choosing strong passwords and keeping your login credentials confidential.

5. How long will we have it?

Personal Data.

We can’t say for certain how long we’ll have your Personal Data, but, at a minimum, we will have it for so long as you maintain an active account any Product. After your time with us ends, we will use reasonable efforts to delete your Personal Data from all relevant systems. We may retain certain portions of your Personal Data following the termination of your account, but we will only do so to the extent we consider reasonably necessary to achieve our legitimate business interests, including resolving legal disputes or maintaining security, or to comply with legal and regulatory obligations.

Deidentified Data.

The description above of our data retention and deletion processes does not apply to any data that we have derived from your Personal Data, provided that this derived data cannot be used to identify you. This data is not considered “Personal Data.”

6. Who else is getting it?

Within Uptake.

Your Personal Data will be shared only among employees and contractors that need to use it to achieve our stated reasons for processing. These employees and contractors may work for one of Uptake’s subsidiaries and affiliates. This will likely include members of the following teams: Customer Success (including Customer Service), Product (engineering and development), and Security. It won’t include employees or contractors that have no involvement in the research, development, engineering, security, support, or other use or analysis related to any Product.

Outside of Uptake.

Uptake discloses Personal Data within each category described above for commercial purposes, namely to receive services from our Processors (we’ll define that shortly). However, Uptake does not, and will not sell your Personal Data (as the term “sell” is defined under the California Consumer Privacy Act). The situations in which your Personal Data may be disclosed are described below.

Processors.

We may need to disclose your Personal Data (including identifiers, geolocation information, and internet activity information) to certain third parties who need to process it to provide Product-related services to us (we call these third parties “Processors”). As of the date of this Privacy Notice, our primary Processors are:

  • AWS and Microsoft Azure. Hosts the Products and and stores most of your Personal Data.
  • Google. Provide our Product-usage metrics and analytics tools and other monitoring functionalities.
  • Salesforce. Provides our customer relationship management (CRM) tools, including customer support portals for some of the Products.
  • CloudFlare and Rapid7. Monitors Product security and helps us identify threats and issues.
  • Jira. Tracks our customer support requests and issue remediation internally.

As we refine the Product, we may engage additional, similar Processors that may need to process your Personal Data. In all cases, we only make your Personal Data available to Processors who truly need it, and their processing will generally be limited to what is necessary to provide us with Product-related services.

Your Employer or Engaging Entity.

As noted above where we discuss our usage metric tracking, we may disclose your Personal Data (generally just identifiers and internet activity information) when reporting to our customers (i.e., your employer or engaging entity) regarding use of a Product. Again, we will try to do this reporting in anonymized form, but this may not always be possible.

Change in Control or Sale of our Business.

We may share your Personal Data (in all categories) if Uptake is ever purchased by a third party (regardless of how that happens or whether it’s all or only a portion of Uptake). This may include sharing prior to the consummation of that purchase. Regardless of who obtains that Personal Data, they will need to keep using it in accordance with this Privacy Notice unless they tell you otherwise.

Law Enforcement.

Like other global companies, Uptake is subject to various legal obligations and falls within the jurisdiction of numerous government and law enforcement officials. We will cooperate with these officials, as well as any private parties, as required to enforce and comply with the law. We may disclose your Personal Data as we, in our discretion, believe is necessary or appropriate: (a) to comply with law, regulation, or valid legal process; or (b) to protect our property, rights, and safety, and the property, rights, and safety of a third party or the public in general. If we are going to release your Personal Data on this basis, we will do our best to provide you with prior notice unless doing so is prohibited by law, regulation, or valid legal process or could otherwise be prejudicial to our ability to enforce and/or comply with the law.

7. Where is it going?

Processing in the U.S.

Uptake is headquartered in Chicago, and we and our Processors process your Personal Data primarily in the United States. Your Personal Data will not leave the United States unless you ask for it back, in which case it will be transferred back to the country in which you reside.

Read This if You Live in Europe.

As you may be aware, the United States has not been subject to a universal adequacy decision by the European Commission. While we can’t read their minds, we believe this means that the European Commission does not consider U.S. laws to provide the same level of legal protections to individuals concerning their personal data and how it is used, in part because U.S. companies may not be subject to legal obligations as stringent as those applicable to European companies. This means that processing in the U.S. may be undertaken with fewer privacy- and security-focused protections than in Europe, which may increase the risk of data breaches, losses of data, or similar events affecting personal data privacy and security. In any event, Uptake is firmly committed to data privacy and security and has implemented a number of measures that are intended to ensure all personal data (including your Personal Data) is protected just as strongly in the U.S. as it might be in Europe. We won’t get into all of it here, but this includes entering into EU-approved model contract clauses with certain of our Processors and providing appropriate technical and organizational measures to secure your Personal Data (as discussed above). If you have any questions about cross-border processing, please don’t hesitate to reach out to [email protected]

8. What if something changes?

It could happen. This Privacy Notice is current as of January, 2021 but we may change this Privacy Notice or the way in which we process your Personal Data (including the purpose of that processing or the methods for doing so). If we do, we do our best to notify you in advance (probably by email). The current version of this Privacy Notice will always be accessible within the Product.

9. What can you do about it?

Uptake is committed to the cause of giving individuals greater control over the processing of their personal data.
In furtherance of this commitment, as one of our “data subjects” (a technical term), you may be entitled to certain rights:

  • Right to Request Information. You have the right to ask us questions about our processing of your Personal Data, including if you feel information is missing from this Privacy Notice.
  • Right to Access. You have the right to request access to your Personal Data.
  • Right to Rectification. You have the right to ask us to correct errors, or to complete omissions, in your Personal Data.
  • Right to Erasure.* You may have the right to ask us to delete your Personal Data. Some people call this the “right to be forgotten.”
  • Right to Restriction of Processing.* You may have the right to halt or limit our processing of your Personal Data.
  • Right to Data Portability.* You may have the right to receive, or have us transmit to another person, a portable copy of your Personal Data.

The rights above with an asterisk (*) are subject to some conditions and may not be applicable under this Privacy Notice. We’d prefer that you send requests to exercise any of the above-described rights via email at [email protected] However, we also take these requests by phone at +1-312-242-2200 (you’ll want to be connected to our legal and/or security teams).

Uptake will never discriminate against individuals who exercise their legal rights concerning their personal data. It’s your data, and we want you to have a say in how it’s used.

If you’re not happy with what you’ve read so far, or if you believe we’ve overstepped, you can always reach out to your local data protection authority. The identity of your local data protection authority depends on where you live, so we are unable to identify it for you.

10. Anything else?

If we haven’t answered your question yet, you sure do have a lot of questions. Fire those questions over to [email protected].