Privacy Statement

CompIntelligence (or “we” or “us”) is a company that creates solutions to help its business entity clients (“Clients”) manage their equity compensation and financial analysis needs. CompIntelligence has hundreds of Clients worldwide, ranging in size from mid-market to the Fortune 500. CompIntelligence is committed to protecting the personal information of individuals provided to us by our Clients (“Client Data”) and the personal information of individuals obtained by us directly as a result of responses to the “Contact Us” portion of this website or other direct contacts with such individuals (“Direct Data”).   We have setup procedures to ensure that such personal information is handled responsibly. This Privacy Policy sets forth how CompIntelligence protects the privacy of such personal information.

EU-US. Privacy Shield
As part of its global compliance efforts, CompIntelligence complies with the EU/US Privacy Shield Principles developed by the United States Department of Commerce in conjunction with the European Commission.   Whether the personal information is Client Data or Direct Data, and whether the personal information was obtained in the United States, or transferred to us from the European Union (”EU”) or elsewhere in the world, the use of such information will be governed by our compliance with the EU/US Privacy Shield Principles.  To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield list. (https://www.privacyshield.gov/list)

Client Data
Personal Information obtained
We enter into contracts with our Clients to assist them in the administration of the equity compensation plans of such Clients.  The Clients provide us with Client Data consisting of personal information of the participants in such plans which may include names, contact information and specific information relating to the type of equity compensation award, its duration and vesting requirements, and the economic terms of the awards.  Client Data does not include personal data which reveals racial or ethnic origin, political opinions, religious beliefs, genetic data, biometric data, data concerning health, or data concerning a person’s sex life or sexual orientation.

Use of Personal Information
The written contracts between us and our Clients set forth the specific processing tasks that we will perform with respect to the Client Data.  We will make no use of the Client Data other than as directed by our Clients in those contracts.  In some contracts those tasks include maintaining a data base of the personal information we are processing.  Client Data will only be used by us, and such data bases will only be maintained for the duration set forth in our contracts with our Clients. With respect to personal data received or transferred pursuant to the Privacy Shield Framework, CompIntelligence is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, CompIntelligence may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Disclosure or onward transfer of personal information to others
We will only disclose the Client Data to a) companies we hire as our agents to be subprocessors, and with whom we have written contracts setting forth the sub processing tasks such companies are to perform, and requiring them to maintain technical and organizational controls to prevent unwanted disclosure or use of such personal information, and b) in response to lawful requests by public authorities to meet law enforcement requirements.

Responsibility for actions of sub processors
In accordance with the Principles, we remain liable for our actions and those of our sub processors in the event of a breach of the terms of this Privacy Policy as it relates to the Client Data.

Rights of individuals to access or change or delete personal information
Because the Client Data is provided to us by our Clients and not by the individuals to which such personal information relates, any requests for access to, changes or deletion of Client Data applicable to them must be made by the individuals to the Clients, not to us directly.   If so requested by our Client, we will respond within a reasonable timeframe. CompIntelligence will notify the individual or company’s administrator employee before their information is disclosed for purposes other than what is mentioned above and will allow individuals to opt out of such disclosures. CompIntelligence will ensure that all third parties with access to personal information are subject to law providing the same level of privacy protection as is required by GDPR and other related compliance mandates and agree in writing to provide an adequate level of privacy protection.

Direct Data
Personal Information Collected
CompIntelligence may gather personal information directly from individuals in the following ways: 1) when individuals complete the “Contact Us” option on our website; 2) from individuals representing existing or prospective Clients as part of our sales or marketing activities related to our products (along with #1 “Sales and Marketing Data”) or 3) in response to direct communications with individuals concerning employment or independent contractor engagement with us (“Employment Data”).  This personal information in the case of Sales or Marketing Data may include name, email and telephone contact information, name of employer, job title with employer; and in the case of Employment Data may also include social security number or other evidence of ability to work in the United States (green card or similar status), educational or experience qualifications, third party recommendations, prior employment history, and background checks including any prior criminal activity.  Direct Data does not include personal data which reveals racial or ethnic origin, political opinions, religious beliefs, genetic data, biometric data, data concerning health, or data concerning a person’s sex life or sexual orientation.  We do not knowingly collect personal information from persons under the age of 16.

Use of Personal Information
We will make no use of the Sales and Marketing Data other than as part of our efforts to increase sales of our products and services to existing and prospective Clients.  We will make no use of the Employment Data other than as part of our internal human resources activities.

Disclosure or onward transfer of personal information
We will only disclose the Direct Data to a) companies we hire as our agents in connection with our Sales and Marketing efforts, or Employment efforts, as applicable, and with whom we have written contracts requiring them to maintain strict technical and organizational controls to prevent unwanted disclosure or use of such personal information, and b) in response to lawful requests by public authorities to meet law enforcement requirements.

Responsibility for agents
In accordance with the Principles, we remain liable for our actions and those of our agents in the event of a breach of the terms of this Privacy Policy as it relates to the Direct Data.

Rights of individuals to access or change or delete personal information
Individuals have the right to access their Sales and Marketing Data personal information, request changes or deletion of such personal information, direct us not to disclose such information to a third party and not to use such information for any purpose other than our Sales and Marketing activities, by contacting the CompIntelligence at it@compintelligence.com .  Individuals have the same rights with respect to their Employment Data personal information, subject to our compliance with applicable employment laws.  If so requested, we will respond within a reasonable timeframe.

Cookies
Cookies are small data files placed on a device when it is used to visit our website. CompIntelligence may place cookies or similar files on your device for security purposes. Cookies allow us to collect technical and navigational information, such as browser type, time spent on our sites and pages visited. If you would prefer not to accept cookies, you can change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it, or set your browser to automatically not accept any cookies. 

Data Security
CompIntelligence has designed a data security program with multiple layers of protection, covering data transfer, encryption, network configuration and application-level controls that are distributed across a scalable, secure infrastructure.  CompIntelligence has established a thorough set of security policies covering areas of information security, physical security, incident response & disaster recovery. These policies are reviewed and approved annually. CompIntelligence personnel are notified of updates to these policies and are provided security training.  CompIntelligence and its data center provider undergo annual security audits which are performed by an independent third party. CompIntelligence will continue to participate in regular SOC2 audits. CompIntelligence also reviews SOC2 reports for all subservice organizations.

Data Integrity
CompIntelligence will ensure that personal information is accurate and reliable. CompIntelligence shall only process personal information in a way that is well- suited and appropriate for the purpose for which it was received from Clients or collected from the individual.

Enforcement
CompIntelligence conducts a self-assessment to ensure that we are within compliance. At CompIntelligence, our employees take your privacy very seriously. We encourage people to raise any concerns using the provided contact information. CompIntelligence will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of personal information. Any employee in violation of our policy is subject to termination.

Unresolved Privacy Disputes
CompIntelligence has committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to an independent dispute resolution mechanism. That independent dispute resolution mechanism is the International Center for Dispute Resolution, operated by the American Arbitration Association. For more information and to file a complaint, you may contact the International Center for Dispute Resolution by visiting the website http://go.adr.org/privacyshield.html. As a last resort and under limited circumstances, EU individuals with residual complaints may invoke a binding arbitration option before the Privacy Shield Panel as described on the Privacy Shield website at https://www.privacyshield.gov

Contact Info:
CompIntelligence, Inc.
1 Jacks Hill Road Unit 1D
Oxford, CT 06478
Phone – 203-888-1667
it@compintelligence.com