PRIVACY POLICY

Last Revised: February 8th, 2022

This privacy notice (the “Privacy Notice”) together with the Terms of Use constitutes an agreement between you and Cronometer Software Inc. and its affiliates (collectively “Cronometer”, “us”, “our,” or “we”) while accessing and using our website located at cronometer.com, other websites we own or operate, and/or Cronometer’s mobile applications (collectively, the “Site”). This Privacy Notice describes how Cronometer collects, protects, uses, and discloses information and data collected and created in the course of your access to and use of the Cronometer website, products, and services, as well as your interactions with Cronometer via telephone, electronic or other means (collectively, and together with the Site, the “Services”), and is governed by our Terms of Use.

Your privacy is important, and we encourage you to read this Privacy Notice carefully to understand the information we collect and what we do with it.

Consent. By accessing the Site, registering with Cronometer, creating a user profile on our Site, or submitting information to Cronometer, you consent to this Privacy Notice and the collection and use of information as described below. We will take steps to notify you and confirm that you agree at different stages of collecting information. If you do not agree with our policies and practices, you may not be able to access or benefit from certain portions of the Site.

Scope. Please be advised that this Privacy Notice applies to information that we collect when you visit the Site or use our Services, when you submit your information to us on the Site or our Services, when you communicate with us through email and other means, via third parties that we work with to provide our Services, or by any other means over the course of your use of our Services.

For purposes of this Privacy Notice:

“HIPAA” means the United States Health Insurance Portability and Accountability Act of 1996.

“PHI” means individually identifiable health information, held or maintained by a Covered Entity or its Business Associates acting for the Covered Entity that is transmitted or maintained in any form or medium (including the PHI of non-U.S. citizens).

“Business Associate” means a person or entity that performs certain functions or activities that involve the use or disclosure of PHI on behalf of, or provides services to, a HIPAA Covered Entity.

“Covered Entity” means (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions to which HIPAA applies.

“Content” means any expression fixed in a tangible medium and includes, without limitation, ideas, text, comments, video, audio, graphics, designs, drawings, animations, logos, trademarks, copyrights, information, data, software, scripts, executable files, recipes, workouts, likes, activities, maps, routes, nutritional information and data, and any intellectual property therein, any of which may be created, submitted, or otherwise made accessible on or through the Site and/or Services.

Personal Information. As used in this Privacy Notice, “Personal Information” means information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual consumer or device, such as:

Non Personal Information. As used in this Privacy Notice, “Non-Personal Information” means information that does not identify you and cannot be used to contact you personally and may include: (a) certain [A1]publicly available information; (b) aggregate information, meaning data about a group or category of services or users from which individual identities and other Personal Information has been removed; (c) deidentified information that cannot be easily linked back to the individual; or (d) [A2]and in full compliance with HIPAA and Privacy laws, and on an aggregated and anonymous basis, your diary entries, health data[A3], recipes, targets and profile. Under certain circumstances, Personal Information and/or Non-Personal Information may constitute PHI. If HIPAA applies to such Personal Information and/or Non-Personal Information, we will take appropriate steps to comply with HIPAA’s privacy and security rule requirement. For example, if we are a Business Associate of a Covered Entity, and if specific Personal Information and/or Non-Personal Information that we use or disclose as such a Business Associate is PHI, we will take appropriate steps to comply with HIPAA’s privacy and security rule requirement with respect to any such use and disclosure.

Lawful Basis. We will only collect your Personal Information (a) when applicable, with your consent; or (b) [A4]as authorized or required by law. We will limit the collection of Personal Information to that which is reasonable. If we collect or use your Personal Information based on your consent, we will also notify you of any changes and will request your further consent as needed.

HOW WE COLLECT & USE YOUR PERSONAL INFORMATIONThe Personal Information we collect about you and how we use the Personal Information we collect depends on the context of your interactions with Cronometer, the Site, and our Services.

Information we collect directly from you, with your consent. We collect Personal Information directly from you with your consent when you leave a comment or use other interactive features on the Site or communicate with us online or by other means. If you leave a comment on the Site, we collect your email address and IP address to confirm that the comment originated from a Site user and not from a bot or other automated spam generator. If you access or submit an inquiry through our Site, subscribe to a service, register to receive marketing materials, participate in contests, sweepstakes or promotions, or receive other Services, we may ask you to provide certain personal information such as your name, email address, phone number and zip code, and possibly other Personal Information. We take reasonable steps to make sure that your contact information is accurate, complete, current, and otherwise reliable.We use your Personal Information to communicate with you about Cronometer and our Services and for direct marketing purposes, such as:

We will only contact you in ways compatible with your communications choices. However, even if you have opted-out of receiving marketing communications from us, we may need to contact you to address questions or issues specific to the services you have requested.

We may periodically supplement the Personal Information we collect from you with personal or non-personal information about you or another person obtained from companies [A5]with whom we have marketing or other business relationships and other third party sources. Any aggregate information that is linked or linkable to your Personal Information will be treated as Personal Information under this Privacy Notice.

Currently, Cronometer or our third party service providers retain and store information collected by, or provided to, us in the cloud and on secure, HIPAA compliant servers in the United States. As Cronometer and some of our third party service providers may retain and store information received from users (including Personal Information) outside of Canada, and under the laws of those other jurisdictions, in certain circumstances courts, law enforcement agencies, regulatory agencies or security authorities in those other provinces or foreign jurisdictions may be entitled to access users’ information.

Payment Information. Cronometer does not collect or maintain any payment information. If you choose to subscribe to our Site and/or Services, our current payment processor, will collect your financial information to facilitate the transaction. We partner with third party service providers and vendors to provide access to existing payment gateways and your credit card, banking and other billing information will be stored only with our payment processor, not with Cronometer. You will be given information regarding our current payment processor, including access to their privacy policy and terms, when you authorize a transaction through the Site.

Information collected from your use of the Site, with a legitimate interest. We use analytics tools or other technologies to collect information about you from your use of this Site. We collect this information to achieve our legitimate interests of operating the Site and our Service, as well as marketing our Services to a broader audience. This information may be combined with other information that you choose to submit to us. This information may also be merged into aggregate information about site visitors and traffic. We use third-party analytics tools to distinguish and analyze user behavior.

Log Files. We collect anonymous and technical information from your computer, including your internet protocol address, data about your computer or other device, the type of browser or operating system your device uses, the programs, services, and version of software you use, and the address of any linking site, when you request a web page while visiting the Site. We use this information for statistical purposes, to ensure that our web pages will appear and function appropriately on your computer, to determine how you were referred to our Site, and to personalize your access to our Site or conduct our own analyses and research to improve our programs, products, services, and content. We may sell, rent, or otherwise convey this anonymous, technical information to a third party, but this information will never constitute Personal Information. We also use third parties to collect and analyze information. If you do not agree with Cronometer or our Services Providers (as defined below) collecting and using your anonymous and technical information as described in this paragraph, discontinue use of the Site or you may contact us as described under “Controlling Your Personal Information.”

Cookies. Like most commercial websites, we use cookies to track use of our Site. Cookies are small text files that are stored on your computer or equipment when you visit certain online pages that record your preferences. Cronometer and our Service Providers use cookies to track use of our Site and online services. Cookies may also be used to monitor traffic, improve the Site, make the Site easier and/or more relevant for your use, and improve the performance of our advertising. You can make personalized choices regarding the cookies employed within the Site in the Settings section. However, certain features of our Sites or other Services may not work if you delete or disable cookies. For more information on cookies and how to disable them on your computer please visit: https://www.consumer.ftc.gov/articles/0042-online-tracking.

Generally-speaking, we use 1st and 3rd-party session and persistent cookies. The cookies set by us are called “1st-party cookies” and the cookies set by our Service Providers are called “3rd-party cookies.” Session cookies are temporary cookies that remain on your device until you close your web browser. Many session cookies are essential to make our Site work correctly, as they typically enable you to move around our Site and use our features. Persistent cookies remain on your device after you close your browser or until you manually delete it (for the former, the amount of time the cookie remains on your device will depend on the duration or “lifetime” of the specific cookie and your browser settings). Persistent cookies help us recognize you as an existing user of our Site, so it’s easier and convenient to return to our Site or interact with our Services without signing in again[A6]. In addition, persistent cookies also help us recognize you when you view a resource belonging to our Site from another website or app (such as an advertisement) and help us record information about your web browsing habits during the lifetime of the persistent cookie.

Examples of cookies we use:

Cronometer uses Personal Information collected from you automatically perform data analysis, identify Site and Services usage trends, develop and display content and advertising tailored to your interests or location, and to measure the effectiveness of our marketing efforts and our Services. Cronometer may use and store this information and the reports we generate using this information in an anonymized form or in the aggregate that it is not associated with individual end users and does not include personal information.

Other ways we might use your Personal Information. In addition to the specific uses and purposes described above, we might use information that we collect about you or that you provide to us, including any Personal Information:

Children Under Age 16. Cronometer products and services are designed to benefit both adults and children. However, any Personal Information submitted pertaining to children under the age of 16 must be explicitly consented to by that child’s parent or legal guardian. As such, this Site may not be used, and no Personal Information should be submitted from children under 16 years of age without such consent. If you are under 16, do not use or provide any information on this Site or on or through any of its features, make any purchases through the Site, use any of the interactive or public comment features of the Site or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received Personal Information from a child under 16 without verification of parental or legal guardian consent, we will delete that information. If you believe we might have any information from or about a child under 16 without appropriate consent from a legal guardian, please contact us at privacy@cronometer.com.

DISCLOSURE OF YOUR INFORMATION

As permitted by applicable law, we may share your Personal Information as follows:

SECURITY

Data Security. It is Cronometer’s policy to treat your Personal Information with complete confidentiality. We minimize the Personal Information we store and employ commercially appropriate and reasonable safeguards both online and offline to maintain the security, confidentiality, and integrity of information that we collect about you. We maintain physical, electronic and procedural security measures to safeguard your non-public personal information. We update and test our technology to improve the protection of our information about you and to assure the integrity of that information.

We educate our employees about the importance of confidentiality and customer privacy through standard operating procedures and special training programs.

In many instances we employ state-of-the-art, and in any event commercially reasonable, measures to protect your Personal Information, such as two-factor authentication, penetration testing, the implementation of privacy-by-design and thorough vetting of our hosting services providers. However, please note, however, that no transmission of data over the internet is 100% secure and we cannot guarantee that unauthorized third parties will not defeat those measures and use nonpublic Personal Information for improper purposes. Therefore, we are not responsible for circumvention of any privacy settings or security measures contained on the Site or for actions of third parties. The safety and security of your information also depends on you, and you are responsible for keeping your password confidential. Also, always remember to log off your account and close your browser window when you have finished your visit. This is to ensure that others cannot access your account, especially if you are sharing a computer with someone else or are using a computer in a public place. Please refer to the Federal Trade Commission's website at http://www.ftc.gov/bcp/menus/consumer/data.shtm for information about how to help protect yourself against identity theft.

Public Forums. If you choose to make use of any public forum, comment section or chat function, we may collect any information you may disclose through such means.

In-Media Communications. If you choose to send a message to another user or defined group of users through our message, chat, post or other function, we may collect any information you may disclose through such means, as well as the necessary Personal Information of the user(s) you are contacting, in order to facilitate the communication.

Third Party Sites. This Privacy Notice applies only to information collected by Cronometer. We may provide links to third party websites from our Sites as a service to our users, but we have no ability to control, and we are not responsible for, the privacy and data collection, use, and disclosure practices of third party websites. When you click on links that take you to external websites, you will be subject to their privacy policies and practices and not ours. We encourage you to review and understand the privacy policies of such websites before providing them with any information.

Photos and Videos. If you post a video, image or photo on our Site for public view you should be aware that these may be viewed, collected, copied and/or used by other users without your knowledge or consent. We are not responsible for the videos, or photos that you choose to submit to the public sections our Site. For clarity, there are also private sections of the Site where you can submit content that will not be viewable by other users. Please see our Terms of Service at https://cronometer.com/terms/ on this point and for other guidelines about posting content on any portion of our Site.

Updates and Push Notifications. We may occasionally send you updates, patches and related push notifications that may be of importance to you. If you do not wish to receive updates, patches and notifications you should discontinue use of our Site and/or Services or disconnect your computer or device from the Internet. If you do not wish to receive push notifications, do not select the "Send me newsletters and promotional emails" box under your Account Information in your Cronometer Profile. If you choose to enable push notifications, we may use your information such as a device ID or email address in order to send push notifications to your device.

Do Not Track Signals. Do Not Track is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. For information about Do Not Track, visit www.allaboutdnt.org. At this time, Cronometer does not respond to Do Not Track browser settings or signals. In addition, Cronometer may use other technology that is standard to the internet to track visitors to the Site. Those tools may be used by us and by third parties to collect information about you and your internet activity, even if you have turned on the Do Not Track signal.

Unauthorized Use. If you become aware of any unauthorized submission of information to Cronometer, including children’s information, please inform us by contacting us at the contact information listed below so that we may delete it.

CONTROLLING YOUR PERSONAL INFORMATION

Cronometer provides you the ability to exercise certain controls and choices regarding our collection, use and sharing of your information. Depending on where you reside, your options to control your Personal Information may include some or all of the following:

At any time, you may exercise any of these controls and choices, express concerns, lodge a complaint, or obtain additional information about the use of your Personal Information by contacting us at privacy@cronometer.com.

Opting Out of Communications. We will only communicate with you if you want to hear from us, or if it necessitated by the Services you receive from us (i.e. transactional, payment or invoicing related messages). You can modify or limit the communications we send to you by clicking the “unsubscribe” link at the bottom of any of our emails, or by visiting the “Settings” section of the Site where you can make specific choices regarding your communication preferences. You may also contact us directly by email at privacy@cronometer.com. Please be sure to include your full name, email address and specifically what information you do not want to receive.

CALIFORNIA PRIVACY RIGHTS

Cronometer adopted this section to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and applies solely to residents of the State of California (“California Consumers”). Without limiting the foregoing, this section provides California Consumers with the disclosures and notices required under the CCPA. Certain exceptions and limitations, may apply to a California Consumer’s rights and Cronometer’s obligations under the CCPA.

Personal Information Collected. Cronometer has collected the following categories of Personal Information from California Consumers within the last twelve (12) months:

Sources for the Personal Information We Collect. We collect the Personal Information described above from the following sources:

Use of Personal Information. Depending on your interactions with Cronometer, we may use or disclose the Personal Information we collect about you for one or more of the following business purposes:

We will not collect additional categories of Personal Information or use the Personal Information we collect for materially different, unrelated, or incompatible purposes without notifying you.

Disclosing Personal Information. Cronometer may disclose Personal Information for a business purpose to the following categories of third parties:

In the preceding twelve (12) months, Cronometer has disclosed the following categories of Personal Information for a business purpose[A10]:

No Sale of Personal Information. Cronometer has not sold any Personal Information in the preceding twelve (12) months.

Your Rights and Choices. The CCPA provides California Consumers with specific rights regarding their Personal Information. The following paragraphs describe CCPA rights and explain how to exercise those rights. Each of these rights is subject to our receipt of a verifiable consumer request (see below).

Right to Disclosure. You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months, such as:

Cronometer is only required to respond to two disclosure requests within a 12-month period.

Right to Access. You have the right to request that we provide you with access to specific pieces of Personal Information we have collected about you over the past 12 months (also called a data portability request). If you submit a right to access request, we will provide you with copies of the requested pieces of Personal Information in a portable and readily usable format. Please note that Cronometer is prohibited by law from disclosing copies of certain pieces of Personal Information (e.g., government identification numbers, financial account information, and passwords or security questions and answers) because the disclosure would create a substantial, articulable, and unreasonable risk to the security of the information, our business systems, or your account. Cronometer is only required by law to respond to two access requests within a 12-month period.

Right to Deletion. You have the right to request that we delete any of your Personal Information that we collected from you and retained, with certain exceptions. Cronometer may permanently delete, deidentify, or aggregate the Personal Information in response to a request for deletion. If you submit a right to deletion request, we will confirm the Personal Information to be deleted prior to its deletion, and we will notify you when your request is complete.

Submit a Consumer Privacy Request. To exercise any of the above rights, please submit a verifiable consumer privacy request to Cronometer by email at privacy@cronometer.com.

Verification. We cannot respond to your request or provide you with Personal Information unless we can verify your identity and your authority to make the request and confirm that the Personal Information relates to you. A verifiable consumer privacy request must:

You do not have to sign up with Cronometer to make a verifiable consumer privacy request. We will only use Personal Information provided in a verifiable consumer privacy request to verify the requestor’s identity or authority to make the request.

Authorized Agent. You may make a verifiable consumer request on behalf of your minor child. Otherwise, only you, or a person you have designated in writing as your authorized agent or who is registered with the California Secretary of State to act on your behalf, or to whom you have provided power of attorney pursuant to California Probate Code sections 4000 to 4465 (“Authorized Agent”) may make a verifiable consumer request related to your Personal Information. If you wish to have an Authorized Agent make a verifiable consumer request on your behalf, they will need to provide us with sufficient written proof that you have designated them as your Authorized Agent, and we will still require you to provide sufficient information to allow us to reasonably verify that you are the person about whom we collected Personal Information.

Cronometer’s Response. We endeavor to respond to a verifiable consumer request within 45 days of receipt. If we require more time, we will notify you in writing of the reason and extension period. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding receipt of the verifiable consumer request. If we cannot comply with part or all of your request, we will explain the reasons in our response.We do not charge a fee to process or respond to your verifiable consumer privacy request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Nondiscrimination. We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by law, we will not do any of the following as a result of your having exercised your right under the CCPA:

Other California Privacy Rights. California Civil Code sections 1798.83-1798.84 (the Shine the Light Act) entitles California residents to request disclosure regarding Personal Information sharing with affiliates and/or third parties for marketing purposes. If you are a California resident and you would like to request a copy of this notice, please contact us at privacy@cronometer.com with the subject line “Request for California Privacy Information.”

Privacy Notice to Residents of the European Union, United Kingdom and Canada. Cronometer adopted this section to comply with the European Union’s General Data Protection Regulations (“GDPR”) and other jurisdictions with similar data protection laws. This section applies to Site visitors, users, and others who are residents of the European Union, United Kingdom and Canada. While GDPR is not generally applicable to Cronometer’s Personal Information processing activities, we endeavor to uphold its principles for data subjects in the EU as well as those in other jurisdictions with similar rights. Without limiting the foregoing, to the extent that Cronometer’s activities implicate the GDPR or other similar laws now or in the future, this section provides those individuals with information about our relevant privacy practices.

Data Controller. The data controlles of your Personal Information is Cronometer, if you have engaged us directly[A13]. If Cronometer has been engaged to provide services by your school or other primary contact, Cronometer is a data processor for the primary contact.

Lawful Basis under GDPR. The lawful bases on which Cronometer processes your Personal Information are: (a) when applicable, with your direct consent; (b) if we have a legitimate interest in doing so, such as fulfilling our obligations as a data processor to your School, administering our business, maintaining the quality of our Site and Software, providing customer service, or identifying new business opportunities; and (c) as authorized or required by law.

Additional rights: you have the following rights in relation to the Personal Information we hold about you.

YOUR RIGHT

WHAT THIS MEANS FOR YOU

WHAT YOU CAN DO

To know how we process your Personal Information.

We are required to provide notice about the way that we will use the Personal Information we collect.

We have set the required notices in this Privacy Notice. We may provide you with additional notice about other ways we process your Personal Data, such as by sending you a notice via email or by other means of communication.

To access your Personal Information.

If you request it, we will provide you with access to your Personal Information, along with details about the types of Personal Information we process, why we process it, and any third parties we work with to collect Personal Information on our behalf.

You can request to access your Personal Information (i.e. a copy of it). We may have one or more legally valid reasons to refuse your request in whole or in part, for example in order to protect the rights of other individuals.

To restrict the processing of your Personal Information.

In certain circumstances and to the extent required by law, we are required to restrict our processing of your Personal Information.

You can request that we restrict the processing of your Personal Information if (i) the data is inaccurate, (ii) the processing is unlawful, (iii) we no longer need the Personal Information, or (iv) you exercise your right to object.

To rectify your Personal Information.

We are required to correct the Personal Information we have about you if you inform us that it is incorrect.

If you become aware that the Personal Information that we hold about you is incorrect, or if your situation changes (for example you change address) please inform us and we will update our records.

To data portability.

In some circumstances, we are required to provide your Personal Information to another organization at your request and in a format that allows the other organization to read and use it.

You have the right to request that we transfer your Personal Information to another organization (i.e. another data controller) in a structured, commonly used machine-readable format, so that the other organization can read and use it.

To erasure of your Personal Information (a.k.a. the “right to be forgotten”).

Upon your request, and in certain circumstances and where we are required to do so by law, we are required to delete your Personal Information. This right is not absolute, and we may be entitled to retain and process your Personal Information despite your request.

If you make this request, we balance certain legal, contractual and business interests against your right to request the deletion of your Personal Information.

To object to certain processing of your Personal Information.

Upon your request, and in certain circumstances and where we are required to do so by law, we will limit our processing of your Personal Information as you request.

You may object to the processing of your Personal Information in certain circumstances. If you make this request, we will consider certain legal, contractual and business interests and obligations against your right to object to the processing. You can also object to our use of your Personal Information for direct marketing purposes.

To not be subject to a decision based solely on “automated processing.”

We are required to keep records of automated processing that we carry out, if any, and, in certain circumstances, provide you with information about the way that the decisions are made, and respond to your objections to being subject to decisions made.

We do not currently make decisions about individuals based solely on automated processing. If we engage in this activity in the future, you will have the right to object to a decision we make wholly by a computer or algorithm without human input and to receive information about this type of processing.

If you want to exercise any of these rights, please make a request to privacy@cronometer.com.

TERMS

Terms of Use. We encourage you to familiarize yourself with the Site Terms of Use (https://cronometer.com/terms/) which governs all matters not set forth in this Privacy Notice.

Changes to this Privacy Notice. We may occasionally make changes to this Privacy Notice to ensure its accuracy. If we make changes, the revised Privacy Notice will be posted online and the date of the newest version will be listed. Please check back frequently, especially before you provide us with personal information, to determine the current scope of the notice.

Governing Law. Those who choose to use or access the Site and/or Services from outside Canada do so on their own initiative and are responsible for compliance with local laws, if and to the extent local laws are applicable. Notwithstanding the foregoing, and recognizing the global nature of the Internet, each viewer and user shall comply with all local rules regarding online conduct and submission of acceptable materials. This Privacy Policy is governed and interpreted pursuant to the laws of the Province of British Columbia, Canada and the federal laws of Canada applicable therein, without regard to principles of conflicts of law that would impose the law of another jurisdiction, and you accept and submit to the exclusive jurisdiction of the courts located within the Province of British Columbia, Canada.

International Transfer. We may transfer information that we collect about you to affiliated entities, or to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world. Please note that these countries and jurisdictions may not have the same personal information protection laws as your own jurisdiction, and you consent to the transfer of information over international borders and the use and disclosure of information about you, including Personal Information, as described in this Privacy Policy.

CONTACT INFORMATION

If you have any further questions about our collection and use of your Personal Information, or if you wish to exercise any of your rights over your Personal Information or if you have any questions about this Privacy Notice, please contact us at privacy@cronometer.com

Cronometer Software Inc.
Attention:
Privacy Officer

Address:
PO Box 9099
Revelstoke, B.C.
Canada
V0E 3K0

Email:
privacy@cronometer.com