Privacy Policy
This Privacy Policy (“Policy”) applies to the Sites of ConcertAI LLC (“ConcertAI,” “we,” “us,” or “our”). Our “Sites” include our website located at http://www.concertai.com and any communications you receive from us through our website. The Sites also include any other ConcertAI website on which this Policy is posted or referenced.
This Policy describes how ConcertAI collects, uses, and shares your personal information when you use our Sites. You can jump to particular topics by going to the headings below:
Personal data we may collect about you
We collect and process personal data about you when you, or the organisation for which you work, purchases our products/services, when you visit our website, register on the website, utilise other activities, services, features or resources we make available on our website, or when you request information or otherwise communicate with us. This includes:
| Category | Details | Source |
|---|---|---|
| Identification Information | Name, Company, Job title, Primary specialty, Department | From you |
| Contact | Email Address, Phone number, Mailing Address | From you |
| Marketing | Your marketing preferences, including any consents you have given us | From you |
| Device | Information related to the browser or device you use to access our website | Collected automatically |
How do we use this information, and what is the legal basis for its use?
| Purpose | Legal Basis |
|---|---|
| We will collect, use and store your Identification and Contact Information to register and create an account on our website and provide you with services. | Where you enter, or request to enter, into a contract with us, it is necessary for us to process your personal data in order to perform this contract with you, or to take steps at your request prior to entering into the contract with you. If the organisation which you work for enters into a contract with us, we have a legitimate interest in managing our business and providing services to our customers. |
| We collect and use your Identification, Contact and Device Information to verify your identity. | We have a legitimate interest in ensuring the security of our services and data. |
| We will collect, use and store your Identification and Contact Information to manage our relationship with you. | We have a legitimate interest in managing our business and providing services to our customers. |
| We may use your Identification, Contact and Device Information to monitor customer accounts to prevent, investigate and/or report fraud, misrepresentation, security incidents or crime, in accordance with applicable law. | Where we have a legal obligation, this is the lawful basis. In other circumstances, the lawful basis is our legitimate interest in preventing and detecting fraud or other wrongdoing. |
| We will collect and use Identification, Contact and Marketing Information to send you direct marketing in relation to our relevant products and services, or other products and services provided by us, our affiliates and carefully selected partners. | Where we need your consent to do this, the lawful basis is consent. In other circumstances, the lawful basis is our legitimate interest in promoting our services to our customers. |
| We will collect and analyse Identification, Contact and Marketing Information in order to manage and operate our website, including to keep it updated and relevant, to develop our business and to inform our marketing strategy. | Where we need your consent to do this, the lawful basis is consent. In other circumstances, the lawful basis is our legitimate interest in operating our site and improving its operation. |
There are instances where we have a legitimate interest to use your data. Our legitimate interest will vary depending on what we are using your data for, and we explain above what the interest is and how it relates to the processing operations that we are carrying out. Where we process personal data on the basis of a legitimate interest, then – as required by data protection law – we have carried out a balancing test to document our interests, to consider what the impact of the processing will be on individuals and to determine whether individuals’ interests outweigh our interests in the processing taking place. You can obtain more information about this balancing test by using the contact details at the end of the notice.
How do we share your personal data?
We may share your data with the following categories of recipients:
| Personal Data Category | Category of Recipient | Why? |
|---|---|---|
| All | Third Party Service Providers | We employ other companies and individuals to perform functions on our behalf. Examples include website hosting and maintenance, cloud security, customer service operations, identity checking, fulfilling orders for products or services, sending postal mail and e-mail, and providing customer service. |
| All | Credit reference agencies, law enforcement and fraud prevention agencies | To prevent, investigate and/or report fraud, misrepresentation, security incidents or crime, in accordance with applicable law. |
| All | Prospective Buyer/Seller | In the event that the business is sold or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business. |
Where required by applicable data protection laws or regulations, we enter into agreements with those third-party service providers requiring them to provide adequate levels of data protection and limiting their use of the data to the specified services provided on our behalf.
Where we transfer your personal data
Personal data that we collect from you may be transferred to and stored at a destination outside the UK/EEA. Where these locations do not provide an adequate level of data protection, we ensure appropriate safeguards are in place to protect the transfer of your personal data to these countries:
| Recipient | Category | Country | Mechanism |
|---|---|---|---|
| Concertai Inc. – Service Provider | All | United States | EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework - see details below |
| Symphony Concerto India Private Limited - Service Provider | All | India | Standard Contractual Clauses (“EU SCCs”), approved by the EU Commission. International Data Transfer Addendum to the EU SCCs, issued by the UK Information Commissioner |
As outlined in the table, Concertai, Inc. has self-certified to the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries, the United Kingdom, and Switzerland. Concertai, Inc. has certified that it adheres to the Data Privacy Framework Principles of notice, choice, onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability. For the purposes of transfers of data from the UK, Concertai confirms that it identifies biometric, genetic, sexual orientation and criminal offence data as ‘sensitive data’. To learn more about the Data Privacy Framework Program, and to view certifications, please visit https://www.dataprivacyframework.gov/. To view Concertai’s Data Privacy Framework Policy, please visit: https://www.concertai.com/data-privacy-framework-policy.
A copy of the relevant mechanism can be obtained for your review on request by using the contact details below.
Detailed Cookie Information
We use cookies on our website. A cookie is a very small text document, which often includes a unique identifier. Cookies are created when your browser loads a particular website. The website sends information to the browser which then creates a text file. Every time the user goes back to the same website, the browser retrieves and sends this file to the website's server. Find out more about the use of cookies on www.allaboutcookies.org.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
| Type of Cookies | Purpose | Duration until expiry |
|---|---|---|
| Strictly necessary cookies | These cookies are required to enable core functionality. Without these cookies, services you have asked for cannot be provided. If you disable these cookies certain parts of the website will not function for you. | Indefinitely |
| Analytics cookies | These cookies help us improve or optimise the experience we provide. They allow us to measure how visitors interact with the website and we use this information to improve the user experience and performance of the website. These cookies are used to collect technical information such as the last visited website and the number of pages visited. | Up to 2 years |
| Functional cookies | We may use cookies that are not essential but enable various helpful features on our websites. For example, these cookies collect information about your interaction with services provided on the website and may be used to remember your preferences, such as your language preference. | Up to 6 months |
| Advertising cookies | We use these cookies to collect information about your browsing habits in order to make advertising more relevant to you and your interests. They are also used to limit the number of times you see an advert as well as help measure the effectiveness of an advertising campaign. We may share this information with other parties who help manage online advertising – please see the "Third Party" section below for more details. | Up to 1 year |
You may adjust, at any time, your cookie preferences here.
Most internet browsers allow you to manage cookie settings or to delete them. Methods vary for doing so, but you can see information about managing cookies at the following links:
Google Chrome
Mozilla Firefox
Apple Safari
Microsoft Edge
Your choices and rights
You have the following rights:
| Right | Summary |
|---|---|
| The right of access | Enables you to receive a copy of your personal data |
| The right to rectification | Enables you to correct any inaccurate or incomplete personal data we hold about you |
| The right to erasure | Enables you to ask us to delete your personal data in certain circumstances |
| The right to restrict processing | Enables you to ask us to halt the processing of your personal data in certain circumstances |
| The right to object | Enables you to object to us processing your personal data on the basis of our legitimate interests, or those of a third party, including processing for direct marketing purposes or profiling for purposes of direct marketing. Your objection will be upheld, and we will cease processing your personal data, unless the processing is based on compelling legitimate grounds or is needed for the exercise or defence of legal claims that may be brought by or against us. |
| The right to data portability | Enables you to request us to transmit personal data that you have provided to us, to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible |
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep.
If you wish to exercise any of these rights, please contact us at info@concertai.com.
Wherever we rely on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. We may however have other legal grounds for processing your data for other purposes, such as those set out above.
In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by clicking on the “Unsubscribe” link in the marketing emails we send you.
If you have unresolved concerns, you have the right to complain to a data protection authority in the country that you reside in or, the country of your place of work or the country where the alleged infringement took place.
In order to do business with us, the provision of your Identification and Contact Information is mandatory: if relevant data is not provided, then we will not be able to engage with you appropriately. The provision of all other information is optional.
How long we retain your personal data
Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period of 7 days after this, to allow us to implement your requests. We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data indefinitely so that we can respect your request in future.
Where we process personal data for site security purposes, we retain it for 1 year.
Where we process personal data in connection with performing a contract, we keep the data for 6 years from your last interaction with us.
Updates to this privacy notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
Contact Information
If you have any questions, comments, or complaints concerning our privacy practices please contact us at the appropriate address below. We will attempt to respond to your requests and to provide you with additional privacy-related information.
ConcertAI
610 W Germantown Pike
Plymouth Meeting, PA 19462